- Want to extend your iPhone battery life? Stop making this common mistake
- I took a chance on this Marshall Bluetooth speaker - its audio quality and design delivered
- Tj-actions Supply Chain Attack Traced Back to GitHub Token Compromise
- I changed 10 Samsung phone settings to drastically improve the user experience
- 9 principles to improve IT supplier relationship management
QNAP fixes critical security holes in its networking solutions

Critical NAS read and code execution vulnerabilities
Tracked as CVE-2024-38643, a missing authentication for critical function vulnerability in QNAP’s note-taking and collaboration application for its NAS devices, Notes Station 3, could provide a remote attacker unauthorized access into the vulnerable systems.
The vulnerability, which has received a CVSS v3 severity rating of 9.8 out of 10, affects Notes Station 3 versions 3.9.x, and has been fixed in versions 3.9.7 and later. Other than the IT service providers, QNAP’s NAS services are used by a number of organizations in the media and entertainment, healthcare, and education segments for their trusted data storage hardware.
Affecting the same versions of the application is another server-side request forgery (SSRF) flaw, tracked as CVE-2024-38645, allowing remote actors with compromised access through CVE-2024-38643 to read full application data. The flaw carries a CVSS v4 rating of 9.4/10.