Filtered by vendor Qnap
Subscriptions
Total
308 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2506 | 1 Qnap | 1 Helpdesk | 2024-09-17 | 7.3 High |
| The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | ||||
| CVE-2018-19952 | 1 Qnap | 2 Music Station, Qts | 2024-09-17 | 7.5 High |
| If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | ||||
| CVE-2018-19957 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-09-17 | 6.1 Medium |
| A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later | ||||
| CVE-2017-13067 | 1 Qnap | 1 Qts | 2024-09-17 | N/A |
| QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack. | ||||
| CVE-2021-38685 | 1 Qnap | 1 Qvr | 2024-09-17 | 9.8 Critical |
| A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later | ||||
| CVE-2017-7638 | 1 Qnap | 2 Media Streaming Add-on, Qts | 2024-09-17 | N/A |
| QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS. | ||||
| CVE-2017-17028 | 1 Qnap | 1 Qts | 2024-09-17 | N/A |
| A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | ||||
| CVE-2018-19950 | 1 Qnap | 2 Music Station, Qts | 2024-09-17 | 9.8 Critical |
| If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | ||||
| CVE-2014-5457 | 1 Qnap | 8 Ss-839, Ss-839 Firmware, Ts-459u and 5 more | 2024-09-17 | N/A |
| QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password. | ||||
| CVE-2018-0706 | 1 Qnap | 1 Q\'center | 2024-09-17 | N/A |
| Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information. | ||||
| CVE-2020-2496 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-17 | 6.1 Medium |
| If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later | ||||
| CVE-2021-34344 | 1 Qnap | 3 Qts, Qusbcam2, Quts Hero | 2024-09-17 | 9.8 Critical |
| A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later QTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later QuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later | ||||
| CVE-2021-38684 | 1 Qnap | 1 Multimedia Console | 2024-09-17 | 8.1 High |
| A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Multimedia Console: Multimedia Console 1.4.3 ( 2021/10/05 ) and later Multimedia Console 1.5.3 ( 2021/10/05 ) and later | ||||
| CVE-2021-34357 | 1 Qnap | 2 Nas, Qmailagent | 2024-09-17 | 6.9 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later | ||||
| CVE-2021-34358 | 1 Qnap | 2 Nas, Qmailagent | 2024-09-17 | 6.8 Medium |
| We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later | ||||
| CVE-2018-19944 | 1 Qnap | 1 Qts | 2024-09-17 | 7.5 High |
| A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later) | ||||
| CVE-2018-19945 | 1 Qnap | 1 Qts | 2024-09-17 | 9.1 Critical |
| A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x. | ||||
| CVE-2020-36194 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-17 | 6.1 Medium |
| An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. | ||||
| CVE-2018-0709 | 1 Qnap | 1 Q\'center | 2024-09-17 | N/A |
| Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | ||||
| CVE-2021-28816 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-09-17 | 7.6 High |
| A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QTS 4.3.3.1693 build 20210624 and later QTS 4.3.6.1750 build 20210730 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later | ||||