CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28811 – Vulnerability in Roon Server
https://notcve.org/view.php?id=CVE-2021-28811
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later Si se explota, esta vulnerabilidad de inyección de comandos podría permitir a los atacantes remotos ejecutar comandos arbitrarios. Roon Labs ya ha corregido esta vulnerabilidad en las siguientes versiones: Roon Server 2021-05-18 y posteriores • https://www.qnap.com/zh-tw/security-advisory/qsa-21-17 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28810 – Vulnerability in Roon Server
https://notcve.org/view.php?id=CVE-2021-28810
If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later Si se explota, esta vulnerabilidad permite a un atacante acceder a recursos que no son accesibles de otro modo sin una autenticación adecuada. Roon Labs ya ha corregido esta vulnerabilidad en las siguientes versiones: Roon Server 2021-05-18 y posteriores • https://www.qnap.com/zh-tw/security-advisory/qsa-21-17 • CWE-290: Authentication Bypass by Spoofing •