CND News and Blog

New Vulnerabilities Friday 06 May


New Alerts for QNAP, IBM, Sophos, and NetApp.

QNAP 

A vulnerability has been reported to affect QNAP VS Series NVR running QVR. If exploited, this vulnerability allows remote attackers to run arbitrary commands. QNAP rates this Critical.
More info.

A vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. QNAP rates this High.
More info.

Multiple vulnerabilities have been reported to affect QTS, QuTS hero, and QuTScloud. If exploited, these vulnerabilities allow remote attackers to run arbitrary commands, traverse the file system to unintended locations and read or overwrite files, inject malicious code, or redirect users to an untrusted page that contains malware. QNAP rates this High.
More info.

A path traversal vulnerability in thttpd has been reported to affect QNAP devices running QTS, QuTS hero, and QuTScloud. If exploited, this vulnerability allows attackers to access and read sensitive data. QNAP rates this Medium.
More info.

Multiple vulnerabilities have been reported to affect QNAP NAS running certain versions of Video Station. If exploited, these vulnerabilities allow remote attackers to access sensitive data, perform unauthorized actions, and compromise the security of the system. QNAP rates this Medium.
More info.

IBM 

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in IBM WebSphere Application Server. CVSSv3 score of 9.8.
More info.

IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities in third-party software and IBM WebSphere Application Server Liberty. Highest CVSSv3 score of 9.8.
More info.

Sophos 

Sophos Firewall has been updated to fix several security vulnerabilities, including an authentication bypass vulnerability allowing RCE rated Critical.
More info.

NetApp 

NetApp has published 7 new bulletins identifying vulnerabilities in third-party software included in their products. No patches yet.
More info.



