CVE-2023-47218

MEDIUM Year: 2023
CVSS v3 Score
5.8
Medium
Weakness Type
CWE-77
View all →

Vulnerability Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later

Related Vulnerabilities

CVE-2017-12339

MEDIUM
CVSS:5.7(Medium)

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation ...

CWE-772017

CVE-2020-15955

MEDIUM
CVSS:5.9(Medium)

In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials...

CWE-772020

CVE-2020-29547

MEDIUM
CVSS:5.9(Medium)

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands int...

CWE-772020

CVE-2020-4688

MEDIUM
CVSS:5.9(Medium)

IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700.

CWE-772020

CVE-2021-38370

MEDIUM
CVSS:5.9(Medium)

In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.

CWE-772021

CVE-2021-38542

MEDIUM
CVSS:5.9(Medium)

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially...

CWE-772021