CVE-2024-48867 |
Description: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-48866 |
Description: An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into an unexpected state.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: LOW (2.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-48865 |
Description: An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: HIGH (7.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-48863 |
Description: A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
License Center 1.9.43 and later
CVSS: HIGH (7.7) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-48859 |
Description: An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-48703 |
Description: PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2024-47913 |
Description: An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-47791 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.
CVSS: HIGH (7.5) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2024-47547 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a weak mechanism for users to change their passwords, which leaves authentication vulnerable to brute force attacks.
CVSS: CRITICAL (9.4) EPSS Score: 0.09%
December 7th, 2024 (5 months ago)
|
CVE-2024-47146 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the device's serial number if physically adjacent and sniffing the RAW WIFI signal.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|