QNAP QVR prior 5.1.5 Build 20210902 os command injection [CVE-2021-34352]

A vulnerability was found in QNAP QVR. It has been rated as critical. This issue affects an unknown functionality. Upgrading to version 5.1.5 Build 20210902 eliminates this vulnerability.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-33595 : CPYTHON 3.12.0 ALPHA 7 /OBJECTS/UNICODEOBJECT.C ASCII_DECODE USE AFTER FREE

CVE-2023-33595 : CPYTHON 3.12.0 ALPHA 7 /OBJECTS/UNICODEOBJECT.C ASCII_DECODE USE AFTER FREE

Description CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. References https://github.com/python/cpython/issues/103824

CVE-2023-33553 : PLANET WDRT-1800AX 1.01-CP2 COOKIE LOGINSTATUS IMPROPER AUTHENTICATION

CVE-2023-33553 : PLANET WDRT-1800AX 1.01-CP2 COOKIE LOGINSTATUS IMPROPER AUTHENTICATION

Description An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation

CVE-2023-20887 : VMWARE ARIA OPERATIONS FOR NETWORKS 6.X COMMAND INJECTION

CVE-2023-20887 : VMWARE ARIA OPERATIONS FOR NETWORKS 6.X COMMAND INJECTION

Description Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations