Security Vulnerabilities - CVEs Published In December 2020
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)
CVSS Score
7.5
EPSS Score
0.002
Published
2020-12-31
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)
CVSS Score
7.5
EPSS Score
0.001
Published
2020-12-31
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-12-31
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-12-31
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-12-31
An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race.
CVSS Score
4.7
EPSS Score
0.0
Published
2020-12-31
An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-12-31
An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-12-31
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-12-31
An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race.
CVSS Score
8.1
EPSS Score
0.003
Published
2020-12-31