Filtered by vendor Qnap
Subscriptions
Total
313 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-34346 | 1 Qnap | 2 Nvr Storage Expansion, Nvr Storage Expansion Firmware | 2024-09-16 | 9.8 Critical |
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage Expansion 1.0.6 ( 2021/08/03 ) and later | ||||
CVE-2021-38686 | 1 Qnap | 1 Qvr | 2024-09-16 | 8.8 High |
An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later | ||||
CVE-2020-2498 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-16 | 6.1 Medium |
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later | ||||
CVE-2018-0718 | 1 Qnap | 2 Music Station, Qts | 2024-09-16 | N/A |
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. | ||||
CVE-2017-7634 | 1 Qnap | 2 Media Streaming Add-on, Qts | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page. | ||||
CVE-2021-28812 | 1 Qnap | 4 Qts, Quts Hero, Qutscloud and 1 more | 2024-09-16 | 8.8 High |
A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3. | ||||
CVE-2021-38674 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-09-16 | 4.2 Medium |
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later | ||||
CVE-2021-28810 | 1 Qnap | 1 Roon Server | 2024-09-16 | 7.5 High |
If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later | ||||
CVE-2021-34360 | 1 Qnap | 4 Nas Proxy Server, Qts, Quts Hero and 1 more | 2024-09-16 | 5.3 Medium |
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later | ||||
CVE-2017-13071 | 1 Qnap | 2 Qts, Video Station | 2024-09-16 | N/A |
QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier. | ||||
CVE-2018-19954 | 1 Qnap | 1 Photo Station | 2024-09-16 | 6.1 Medium |
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. | ||||
CVE-2020-2490 | 1 Qnap | 1 Qts | 2024-09-16 | 7.2 High |
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | ||||
CVE-2020-2501 | 1 Qnap | 2 Nas, Surveillance Station | 2024-09-16 | 9.8 Critical |
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) | ||||
CVE-2023-34976 | 1 Qnap | 1 Video Station | 2024-09-16 | 4.3 Medium |
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later | ||||
CVE-2023-34977 | 1 Qnap | 1 Video Station | 2024-09-16 | 4.6 Medium |
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later | ||||
CVE-2020-2507 | 1 Qnap | 1 Helpdesk | 2024-09-16 | 9.8 Critical |
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | ||||
CVE-2013-0142 | 1 Qnap | 3 Nas, Surveillance Station Pro, Viostor Network Video Recorder | 2024-09-16 | N/A |
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. | ||||
CVE-2021-44053 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-09-16 | 5.7 Medium |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later | ||||
CVE-2020-36196 | 1 Qnap | 1 Qulog Center | 2024-09-16 | 6.1 Medium |
A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. | ||||
CVE-2020-2493 | 1 Qnap | 1 Multimedia Console | 2024-09-16 | 6.1 Medium |
This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later. |