How severe is CVE-2023-50358?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2023-50358?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2023-50358 - MEDIUM Severity | CVSS 5.8

Vulnerability Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QTS 4.3.6.2665 build 20240131 and later QTS 4.3.4.2675 build 20240131 and later QTS 4.3.3.2644 build 20240131 and later QTS 4.2.6 build 20240131 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Related Vulnerabilities

CVE-2024-44072

MEDIUM

CVSS:5.7(Medium)

OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected pro...

CWE-782024

CVE-2022-22454

MEDIUM

CVSS:5.9(Medium)

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

CWE-782022

CVE-2023-34980

MEDIUM

CVSS:5.9(Medium)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands v...

CWE-782023

CVE-2020-7789

MEDIUM

CVSS:5.6(Medium)

This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.

CWE-782020

CVE-2021-24033

MEDIUM

CVSS:5.6(Medium)

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts...

CWE-782021

CVE-2023-51699

MEDIUM

CVSS:6.0(Medium)

Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRunt...

CWE-782023