8.7
CVE-2024-47043 - Ruijie Reyee OS Insecure Storage of Sensitive Information
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address.
7.1
CVE-2024-51727 - Ruijie Reyee OS Premature Release of Resource During Expected Lifetime
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account.
7.1
CVE-2024-42494 - Ruijie Reyee OS Exposure of Private Personal Information to an Unauthorized Actor
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services.
9.3
CVE-2024-47547 - Ruijie Reyee OS Weak Password Recovery Mechanism for Forgotten Password
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contain a weak mechanism for users to change their passwords, which leaves authentication vulnerable to brute force attacks.
8.5
CVE-2024-11220 - Open Automation Software Incorrect Execution-Assigned Permissions
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation.
6.9
CVE-2024-52558 - Planet Technology Planet WGS-804HPT Integer Underflow
The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program.
9.3
CVE-2024-52320 - Planet Technology Planet WGS-804HPT Command Injection
The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution.
9.3
CVE-2024-48871 - Planet Technology Planet WGS-804HPT Stack-based Buffer Overflow
The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request for which the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution.
7.7
CVE-2024-48863 - License Center
A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later.
2.1
CVE-2024-50403 - QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnera…