NVD disclosure day

Published threat advisories for October 28, 2020

CVE advisory | Known Exploit

CVE-2018-19953

QNAP QTS Cross-Site Scripting Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A cross-site scripting vulnerability affects QNAP QTS systems, enabling remote attackers to inject malicious code and potentially compromise system integrity. The risk involves unauthorized code execution, impacting data and operations. Organizations should identify and protect affected systems.

• CISA KEV

CVE advisory | Known Exploit

CVE-2018-19943

QNAP QTS Cross-Site Scripting Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A cross-site scripting flaw in QNAP QTS allows remote attackers to inject malicious code, potentially impacting system integrity and data confidentiality for affected organizations. This external vulnerability has been observed in the wild, posing a business risk.

• CISA KEV

CVE advisory | Known Exploit

CVE-2020-8260

Pulse Connect Secure Arbitrary Code Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An authenticated attacker can exploit a flaw in the Pulse Connect Secure admin web interface, allowing for arbitrary code execution through uncontrolled gzip extraction. This presents a business risk of unauthorized system access and data compromise.

• CISA KEV