CVSS: 8.8EPSS: 4%CPEs: 3EXPL: 0CVE-2024-21901 – myQNAPcloud
https://notcve.org/view.php?id=CVE-2024-21901
08 Mar 2024 — A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later Se ha informado que una vulnerabilidad de inyección SQL afecta a myQNAPcloud. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados inyectar código... • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 2CVE-2019-7181 – QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
https://notcve.org/view.php?id=CVE-2019-7181
19 Apr 2019 — Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program. Una vulnerabilidad de desbordamiento de búfer en myQNAPcloud Connect versión 1.3.3.0925 y anteriores, podría permitir que los atacantes remotos bloqueen el programa. QNAP myQNAPcloud Connect version 1.3.4.0317 suffers from a username / password denial of service vulnerability. • https://packetstorm.news/files/id/152570 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •