Yc

**Name of the Vulnerable Software and Affected Versions** IDExpert versions up to 2.8 **Description** The issue concerns a lack of validation in the administrator interface of IDExpert, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. This can be exploited by injecting a specific parameter. **Recommendations** For versions up to 2.8, patch immediately and restrict admin access to minimize the risk of exploitation. Additionally, validate input/output to prevent OS command injection. As a temporary workaround, consider restricting access to the administrator interface until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Eclipse Target Management: Terminal and Remote System Explorer (RSE) versions <= 4.5.400 **Description** The issue exists due to the lack of measures to neutralize special elements used in operating system commands. This allows a remote attacker to execute arbitrary code without requiring authentication. **Recommendations** For versions <= 4.5.400, update to a version included in Eclipse IDE 2024-03 or later to resolve the issue. As a temporary workaround, consider restricting access to the Terminal and Remote System Explorer (RSE) until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero h5.1.0 versions prior to 2424 build 20230609 QuTS hero h5.0.1 versions prior to 2515 build 20230907 QuTS hero h4.5.4 versions prior to 2476 build 20230728 **Description** A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. The issue exists due to insufficient data sanitization, which could allow a remote attacker to conduct an XSS attack using a specially crafted link. **Recommendations** For QTS versions prior to 5.0.1.2425 build 20230609, update to QTS 5.0.1.2425 build 20230609 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later. For QuTS hero h5.1.0 versions prior to 2424 build 20230609, update to QuTS hero h5.1.0.2424 build 20230609 or later. For QuTS hero h5.0.1 versions prior to 2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero h4.5.4 versions prior to 2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later.

**Name of the Vulnerable Software and Affected Versions** Container Station versions prior to 2.6.7.44 **Description** An OS command injection issue has been reported, potentially allowing authenticated administrators to execute commands via a network. **Recommendations** For versions prior to 2.6.7.44, update to version 2.6.7.44 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** QTS versions prior to 5.0.1.2376 build 20230421 QTS versions prior to 4.5.4.2374 build 20230416 QuTS hero versions prior to h5.0.1.2376 build 20230421 QuTS hero versions prior to h4.5.4.2374 build 20230417 QuTScloud versions prior to c5.0.1.2374 **Description** An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. **Recommendations** For QTS versions prior to 5.0.1.2376 build 20230421, update to QTS 5.0.1.2376 build 20230421 or later. For QTS versions prior to 4.5.4.2374 build 20230416, update to QTS 4.5.4.2374 build 20230416 or later. For QuTS hero versions prior to h5.0.1.2376 build 20230421, update to QuTS hero h5.0.1.2376 build 20230421 or later. For QuTS hero versions prior to h4.5.4.2374 build 20230417, update to QuTS hero h4.5.4.2374 build 20230417 or later. For QuTScloud versions prior to c5.0.1.2374, update to QuTScloud c5.0.1.2374 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.0.1.2346 build 20230322 QNAP QTS versions prior to 4.5.4.2374 build 20230416 QNAP QuTS hero versions prior to h5.0.1.2348 build 20230324 QNAP QuTS hero versions prior to h4.5.4.2374 build 20230417 QNAP QuTScloud versions prior to c5.0.1.2374 **Description** The issue is related to an OS command injection vulnerability that could allow remote authenticated administrators to execute commands via unspecified vectors. This could potentially be achieved by sending specially crafted data. **Recommendations** For QNAP QTS versions prior to 5.0.1.2346 build 20230322, update to QTS 5.0.1.2346 build 20230322 or later. For QNAP QTS versions prior to 4.5.4.2374 build 20230416, update to QTS 4.5.4.2374 build 20230416 or later. For QNAP QuTS hero versions prior to h5.0.1.2348 build 20230324, update to QuTS hero h5.0.1.2348 build 20230324 or later. For QNAP QuTS hero versions prior to h4.5.4.2374 build 20230417, update to QuTS hero h4.5.4.2374 build 20230417 or later. For QNAP QuTScloud versions prior to c5.0.1.2374, update to QuTScloud c5.0.1.2374 or later.