Threat and Vulnerability Intelligence Database

CVE-2024-48866

Description: An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into an unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later.

CVSS: LOW (2.3)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-48865

Description: An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-48863

Description: A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later

CVSS: HIGH (7.7)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-48859

Description: An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-48703

Description: PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-47913

Description: An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-47791

Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-47547

Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks.

CVSS: CRITICAL (9.4)

EPSS Score: 0.09%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-47146

Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffing the RAW WIFI signal.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (5 months ago)

CVE-2024-47043

Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
December 7th, 2024 (5 months ago)