This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2023-51365.
Category Archives: Advisories
ZDI-24-475: (Pwn2Own) QNAP TS-464 File Upload Directory Traversal Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2023-51364.
ZDI-24-474: (Pwn2Own) QNAP TS-464 Exposed Dangerous Method Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-32766.
ZDI-24-473: (Pwn2Own) QNAP TS-464 Authentication Service Improper Certificate Validation Vulnerability
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-27124.
ZDI-24-472: (Pwn2Own) QNAP TS-464 Netmgr Endpoint CRLF Injection Arbitrary Configuration Update Vulnerability
This vulnerability allows remote attackers to create arbitrary configurations on affected installations of QNAP TS-464 NAS devices. An attacker must first obtain the ability to access the device’s localhost interface, which can be accomplished using a malicious TURN server. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2024-32764.
ZDI-24-471: (Pwn2Own) QNAP TS-464 authLogin SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-21901.
ZDI-24-470: (Pwn2Own) QNAP TS-464 QR Code Device CRLF Injection Arbitrary Configuration Change Vulnerability
This vulnerability allows remote attackers to make arbitrary changes to configuration on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.1. The following CVEs are assigned: CVE-2024-21899.
kernel-6.8.10-100.fc38
FEDORA-2024-88abd103c8
Packages in this update:
kernel-6.8.10-100.fc38
Update description:
The 6.8.10 stable kernel update contains a number of important fixes across the tree
kernel-6.8.10-200.fc39
FEDORA-2024-49fcf86f58
Packages in this update:
kernel-6.8.10-200.fc39
Update description:
The 6.8.10 stable kernel update contains a number of important fixes across the tree
kernel-6.8.10-300.fc40
FEDORA-2024-92664ae6fe
Packages in this update:
kernel-6.8.10-300.fc40
Update description:
The 6.8.10 stable kernel update contains a number of important fixes across the tree