Filtered by vendor Qnap
Subscriptions
Total
313 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19956 | 1 Qnap | 1 Photo Station | 2024-09-16 | 6.1 Medium |
| The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10. | ||||
| CVE-2018-0708 | 1 Qnap | 1 Q\'center | 2024-09-16 | N/A |
| Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | ||||
| CVE-2021-44054 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-09-16 | 4.3 Medium |
| An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later | ||||
| CVE-2021-28804 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-16 | 9.8 Critical |
| A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217. | ||||
| CVE-2021-34356 | 1 Qnap | 2 Nas, Photo Station | 2024-09-16 | 7.6 High |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | ||||
| CVE-2020-25847 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-16 | 8.8 High |
| This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. | ||||
| CVE-2018-0714 | 1 Qnap | 2 Helpdesk, Qts | 2024-09-16 | N/A |
| Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. | ||||
| CVE-2017-13072 | 1 Qnap | 1 Qts | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. | ||||
| CVE-2021-34362 | 1 Qnap | 3 Media Streaming Add-on, Qts, Quts Hero | 2024-09-16 | 8.7 High |
| A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later | ||||
| CVE-2023-23373 | 1 Qnap | 1 Qusbcam2 | 2024-09-16 | 8.8 High |
| An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 ( 2023/06/15 ) and later | ||||
| CVE-2024-38641 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-16 | 7.8 High |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later | ||||
| CVE-2024-38642 | 1 Qnap | 1 Qumagie | 2024-09-16 | 7.8 High |
| An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version: QuMagie 2.3.1 and later | ||||
| CVE-2024-38640 | 1 Qnap | 1 Download Station | 2024-09-16 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21 ) and later | ||||
| CVE-2024-27122 | 1 Qnap | 1 Notes Station 3 | 2024-09-13 | 6.3 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later | ||||
| CVE-2023-34974 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-13 | 8.8 High |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later | ||||
| CVE-2024-32762 | 1 Qnap | 1 Qulog Center | 2024-09-13 | 8.2 High |
| A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later | ||||
| CVE-2024-27125 | 1 Qnap | 1 Helpdesk | 2024-09-13 | 3.5 Low |
| A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later | ||||
| CVE-2024-27126 | 1 Qnap | 1 Notes Station 3 | 2024-09-13 | 6.3 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later | ||||
| CVE-2024-21904 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | 5.9 Medium |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | ||||
| CVE-2024-27130 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | 7.2 High |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | ||||