Chumen77

**Name of the Vulnerable Software and Affected Versions** QuMagie versions prior to 2.9.0 **Description** A missing authorization issue allows remote attackers to access unauthorized data or perform unauthorized actions. **Recommendations** Update to version 2.9.0 or later.

**Name of the Vulnerable Software and Affected Versions** QuMagie versions prior to 2.9.0 **Description** A missing authorization issue allows remote attackers to access unauthorized data or perform unauthorized actions. **Recommendations** Update to version 2.9.0 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.6.2722 build 20240402 QNAP QuTS hero versions prior to h5.1.6.2734 build 20240414 **Description** A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. **Recommendations** For QNAP QTS versions prior to 5.1.6.2722 build 20240402, update to QTS 5.1.6.2722 build 20240402 or later. For QNAP QuTS hero versions prior to h5.1.6.2734 build 20240414, update to QuTS hero h5.1.6.2734 build 20240414 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.6.2722 build 20240402 QNAP QuTS hero versions prior to h5.1.6.2734 build 20240414 **Description** A buffer copy without checking the size of input issue has been reported to affect several QNAP operating system versions. If exploited, this could allow users to execute code via a network. **Recommendations** For QNAP QTS versions prior to 5.1.6.2722 build 20240402, update to QTS 5.1.6.2722 build 20240402 or later. For QNAP QuTS hero versions prior to h5.1.6.2734 build 20240414, update to QuTS hero h5.1.6.2734 build 20240414 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.2.0.2737 build 20240417 QNAP QuTS hero versions prior to h5.2.0.2782 build 20240601 **Description** A missing authorization issue has been reported, affecting several QNAP operating system versions. If exploited, it could allow local authenticated users to access data or perform actions they should not be allowed to via unspecified vectors. QuTScloud is not affected. **Recommendations** For QNAP QTS versions prior to 5.2.0.2737 build 20240417, update to QTS 5.2.0.2737 build 20240417 or later. For QNAP QuTS hero versions prior to h5.2.0.2782 build 20240601, update to QuTS hero h5.2.0.2782 build 20240601 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.6.2722 build 20240402 QNAP QuTS hero versions prior to h5.1.6.2734 build 20240414 **Description** A NULL pointer dereference issue has been reported to affect several QNAP operating system versions. If exploited, the issue could allow users to launch a denial-of-service (DoS) attack via a network. **Recommendations** For QNAP QTS versions prior to 5.1.6.2722 build 20240402, update to QTS 5.1.6.2722 build 20240402 or later. For QNAP QuTS hero versions prior to h5.1.6.2734 build 20240414, update to QuTS hero h5.1.6.2734 build 20240414 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.1.4.2596 build 20231128 QNAP QTS versions prior to 4.5.4.2627 build 20231225 QNAP QuTS hero versions prior to h5.1.3.2578 build 20231110 QNAP QuTS hero versions prior to h4.5.4.2626 build 20231225 QNAP QuTScloud versions prior to c5.1.5.2651 **Description** A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. **Recommendations** For QNAP QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QNAP QTS versions prior to 4.5.4.2627 build 20231225, update to version 4.5.4.2627 build 20231225 or later. For QNAP QuTS hero versions prior to h5.1.3.2578 build 20231110, update to version h5.1.3.2578 build 20231110 or later. For QNAP QuTS hero versions prior to h4.5.4.2626 build 20231225, update to version h4.5.4.2626 build 20231225 or later. For QNAP QuTScloud versions prior to c5.1.5.2651, update to version c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.1.4.2596 build 20231128 QTS versions prior to 4.5.4.2627 build 20231225 QuTS hero versions prior to h5.1.4.2596 build 20231128 QuTS hero versions prior to h4.5.4.2626 build 20231225 QuTScloud versions prior to c5.1.5.2651 **Description** The issue exists due to the lack of measures to neutralize special elements used in the operating system command. Exploitation of this issue could allow a remote attacker to execute arbitrary commands. **Recommendations** For QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QTS versions prior to 4.5.4.2627 build 20231225, update to version 4.5.4.2627 build 20231225 or later. For QuTS hero versions prior to h5.1.4.2596 build 20231128, update to version h5.1.4.2596 build 20231128 or later. For QuTS hero versions prior to h4.5.4.2626 build 20231225, update to version h4.5.4.2626 build 20231225 or later. For QuTScloud versions prior to c5.1.5.2651, update to version c5.1.5.2651 or later.

**Name of the Vulnerable Software and Affected Versions** Synology SSL VPN Client versions prior to 1.4.7-0687 **Description** The issue is related to a buffer copy without checking the size of the input, which is a 'Classic Buffer Overflow' vulnerability in the cgi component. This allows local users to conduct denial-of-service attacks via unspecified vectors. **Recommendations** For versions prior to 1.4.7-0687, update to version 1.4.7-0687 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Synology Camera Firmware versions prior to 1.0.5-0185 **Description** A vulnerability regarding the use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The affected models include BC500 and TC500. **Recommendations** For Synology Camera Firmware versions prior to 1.0.5-0185, update to version 1.0.5-0185 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi component until a patch is applied.