How severe is CVE-2022-27593?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2022-27593?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2022-27593

CRITICAL Year: 2022

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-610

View all →

Vulnerability Description

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later

CVE-2024-32980

CRITICAL

CVSS:9.1(Critical)

Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a sp...

CWE-6102024

CVE-2021-27648

HIGH

CVSS:8.8(High)

Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via ...

CWE-6102021

CVE-2021-30245

HIGH

CVSS:8.8(High)

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link...

CWE-6102021

CVE-2021-43844

HIGH

CVSS:8.8(High)

MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifical...

CWE-6102021

CVE-2022-24854

HIGH

CVSS:8.8(High)

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial c...

CWE-6102022

CVE-2024-45826

HIGH

CVSS:8.8(High)

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can...

CWE-6102024

CVE-2022-27593

Vulnerability Description

Related Vulnerabilities

CVE-2024-32980

CVE-2021-27648

CVE-2021-30245

CVE-2021-43844

CVE-2022-24854

CVE-2024-45826