Filtered by vendor Qnap Subscriptions
Total 313 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-6022 1 Qnap 1 Signage Station 2024-08-06 N/A
Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL.
CVE-2015-6003 1 Qnap 1 Qts 2024-08-06 N/A
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
CVE-2015-5664 1 Qnap 1 Qts 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-13069 1 Qnap 1 Music Station 2024-08-05 N/A
QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.
CVE-2017-12582 1 Qnap 2 Ts-212p, Ts-212p Firmware 2024-08-05 N/A
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.
CVE-2017-10700 1 Qnap 1 Qts 2024-08-05 N/A
In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.
CVE-2017-7876 1 Qnap 1 Qts 2024-08-05 10 Critical
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.
CVE-2017-7635 1 Qnap 1 Nas Proxy Server 2024-08-05 N/A
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
CVE-2017-7636 1 Qnap 1 Nas Proxy Server 2024-08-05 N/A
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
CVE-2017-7639 1 Qnap 1 Nas Proxy Server 2024-08-05 N/A
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
CVE-2017-7637 1 Qnap 1 Nas Proxy Server 2024-08-05 N/A
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
CVE-2017-7629 1 Qnap 1 Qts 2024-08-05 N/A
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
CVE-2017-6361 1 Qnap 1 Qts 2024-08-05 N/A
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
CVE-2017-6359 1 Qnap 1 Qts 2024-08-05 N/A
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
CVE-2017-6360 1 Qnap 1 Qts 2024-08-05 N/A
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
CVE-2017-5227 1 Qnap 1 Qts 2024-08-05 N/A
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
CVE-2018-19948 1 Qnap 1 Helpdesk 2024-08-05 2 Low
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
CVE-2018-19949 1 Qnap 1 Qts 2024-08-05 9.8 Critical
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
CVE-2018-19946 1 Qnap 1 Helpdesk 2024-08-05 4.2 Medium
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
CVE-2018-19943 1 Qnap 1 Qts 2024-08-05 8 High
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later