A vulnerability was found in QNAP QVR. It has been rated as critical. This issue affects an unknown functionality. Upgrading to version 5.1.5 Build 20210902 eliminates this vulnerability.
QNAP QVR prior 5.1.5 Build 20210902 os command injection [CVE-2021-34352]
- Virtual Patching
- October 1, 2021
- 7:05 am
CVE-2023-33595 : CPYTHON 3.12.0 ALPHA 7 /OBJECTS/UNICODEOBJECT.C ASCII_DECODE USE AFTER FREE
Description CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. References https://github.com/python/cpython/issues/103824
CVE-2023-33553 : PLANET WDRT-1800AX 1.01-CP2 COOKIE LOGINSTATUS IMPROPER AUTHENTICATION
Description An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation
CVE-2023-20887 : VMWARE ARIA OPERATIONS FOR NETWORKS 6.X COMMAND INJECTION
Description Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations