QNAP has released fixes for several vulnerabilities affecting the QTS and QuTS hero operating systems. In addition to the three high severity vulnerabilities below, the security advisory also addresses two medium severity vulnerabilities and three low severity vulnerabilities.
QuTS is QNAP’s operating system for high-end enterprise NAS devices. Vulnerability Details CVE-2024-48865: An improper certificate validation vulnerability with a CVSSv4 score of 7.3. If exploited, an attacker with local network access could compromise the security of the system.
Read more…
Source: NHS Digital
Related:
- Mozilla Releases Security Updates for Firefox
March 28, 2025
Mozilla has released security updates to address one critical vulnerability in Firefox and Firefox ESR. Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in Firefox’s Inter-process Communication (IPC) code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. Exploitation ...
- Security Update Released for CrushFTP
March 28, 2025
A vulnerability has been disclosed in CrushFTP, a file server supporting standard secure file transfer protocols, after being discovered by a security researcher. The vulnerability designated as CVE-2025-2825 is a critical ‘improper authentication’ vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow an unauthenticated attacker to craft remote and unauthenticated HTTP requests to CrushFTP, ...
- Broadcom Releases Security Advisory for VMware Tools for Windows
March 25, 2025
Broadcom has released a security advisory addressing a high severity vulnerability in VMware Tools for Windows. VMware Tools is a suite of utilities that enhances the performance of VMware virtual machines and provides extra functionality. CVE-2025-22230 is an authentication bypass due to improper access control vulnerability with a CVSSv3 score of 7.8. If exploited, an attacker ...
- Cisco Releases Security Advisories for Cisco IOS XR Software
March 13, 2025
Cisco has released 10 security advisories addressing multiple vulnerabilities, including seven high and three medium severity advisories affecting Cisco IOS XR Software, which is a networking software system. CVE-2025-20138 is an ‘improper neutralization of special elements used in an OS Command’ vulnerability with a CVSSv3 score of 8.8. Successful exploitation could allow an authenticated, remote attacker ...
- Apple Releases Security Updates for Multiple Products
March 12, 2025
Apple has released security updates to address an exploited vulnerability in multiple Apple products. CVE-2025-24201 is an ‘out-of-bounds write’ vulnerability that could allow an attacker with maliciously crafted web content to break out of Web Content sandbox. The security update addressing CVE-2025-24201 is a supplementary fix for an exploited vulnerability that was addressed in iOS 17.2. ...
- Patch Tuesday – March 2025
March 11, 2025
Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists all of them. Microsoft is also aware of public disclosure for one other vulnerability. This is ...