Filtered by vendor Qnap
Subscribe
Total
274 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2508 | 1 Qnap | 2 Qts, Quts Hero | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) | |||||
CVE-2020-2507 | 1 Qnap | 1 Helpdesk | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | |||||
CVE-2020-2502 | 1 Qnap | 1 Photo Station | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later | |||||
CVE-2020-2504 | 1 Qnap | 1 Qes | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. | |||||
CVE-2018-19952 | 1 Qnap | 2 Music Station, Qts | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | |||||
CVE-2020-2499 | 1 Qnap | 1 Qes | 2023-12-10 | 4.0 MEDIUM | 7.2 HIGH |
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later. | |||||
CVE-2020-2494 | 1 Qnap | 3 Music Station, Qts, Quts Hero | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later | |||||
CVE-2018-19954 | 1 Qnap | 1 Photo Station | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. | |||||
CVE-2018-19946 | 1 Qnap | 1 Helpdesk | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | |||||
CVE-2018-19948 | 1 Qnap | 1 Helpdesk | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | |||||
CVE-2020-2500 | 1 Qnap | 1 Helpdesk | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions. | |||||
CVE-2018-19947 | 1 Qnap | 1 Helpdesk | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | |||||
CVE-2018-0728 | 1 Qnap | 2 Helpdesk, Qts | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions. | |||||
CVE-2019-7197 | 1 Qnap | 1 Qts | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version. | |||||
CVE-2019-7193 | 1 Qnap | 1 Qts | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. | |||||
CVE-2013-6277 | 1 Qnap | 2 Viocard 300, Viocard 300 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
QNAP VioCard 300 has hardcoded RSA private keys. | |||||
CVE-2018-0729 | 1 Qnap | 2 Music Station, Qts | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions. | |||||
CVE-2019-7185 | 1 Qnap | 2 Music Station, Qts | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions. | |||||
CVE-2019-7184 | 1 Qnap | 2 Qts, Video Station | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. | |||||
CVE-2018-0730 | 1 Qnap | 1 Qts | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. |