2025-01-31 14:18:57 Pacfic
Critical Veeam VSPC Remote Code Execution Vulnerability Patched - 26d
Veeam released patches for critical vulnerabilities (CVE-2024-42448) in its Service Provider Console (VSPC), allowing remote code execution (RCE). The vulnerabilities were discovered during internal testing and have a CVSS score of 9.9, highlighting their extreme severity. The flaw could enable attackers to take complete control of affected systems.
Critical QNAP Vulnerabilities in Notes Station 3 and QuRouter - 5d
Critical vulnerabilities were found in QNAP’s Notes Station 3 and QuRouter. CVE-2024-38645 (CVSS 9.4) is an SSRF vulnerability allowing remote attackers to manipulate server behavior; CVE-2024-38643 (CVSS 9.3) is a missing authentication flaw allowing remote access without credentials; CVE-2024-48860 (CVSS 9.5) is a remote command execution vulnerability in QuRouter. These flaws allow unauthorized access, data theft, and malware deployment. Other high-severity vulnerabilities in QuLog Center, AI Core, QTS, and QuTS Hero were also addressed.