CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32764 – myQNAPcloud Link
https://notcve.org/view.php?id=CVE-2024-32764
26 Apr 2024 — A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later Se ha informado que falta una autenticación para una vulnerabilidad de función crítica que afecta a myQNAPcloud Link. Si se explota, la vulnerabilidad podría permitir a los usuarios con el nive... • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-306: Missing Authentication for Critical Function CWE-346: Origin Validation Error CWE-749: Exposed Dangerous Method or Function •
CVSS: 8.8EPSS: 4%CPEs: 3EXPL: 0CVE-2024-21901 – myQNAPcloud
https://notcve.org/view.php?id=CVE-2024-21901
08 Mar 2024 — A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later Se ha informado que una vulnerabilidad de inyección SQL afecta a myQNAPcloud. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados inyectar código... • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28815 – Insecure Storage of Sensitive Information in myQNAPcloud Link
https://notcve.org/view.php?id=CVE-2021-28815
16 Jun 2021 — Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4. Se ha reportado de que el almacenamiento no seguro de información confidencial afecta... • https://www.qnap.com/zh-tw/security-advisory/qsa-21-26 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 2CVE-2019-7181 – QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
https://notcve.org/view.php?id=CVE-2019-7181
19 Apr 2019 — Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program. Una vulnerabilidad de desbordamiento de búfer en myQNAPcloud Connect versión 1.3.3.0925 y anteriores, podría permitir que los atacantes remotos bloqueen el programa. QNAP myQNAPcloud Connect version 1.3.4.0317 suffers from a username / password denial of service vulnerability. • https://packetstorm.news/files/id/152570 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •