323 matches found
CVE-2021-34360 CSRF Bypass in Proxy Server
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...
QNAP NAS Proxy Server Cross-Site Request Forgery Vulnerability
QNAP NAS is an accessible and fast storage solution from China-based QNAP Technologies (QNAP). A cross-site request forgery vulnerability exists in the proxy server of QNAP NAS, which can be exploited by remote attackers to inject malicious code. The following products and versions are affected: QT...
CVE-2021-44054
An open redirect vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of...
CVE-2021-44053
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and...
CVE-2021-44052
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the...
CVE-2021-44051
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:...
Open redirect
An open redirect vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of...
Path traversal
A path traversal vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the...
Command injection
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:...
Cross site scripting
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and...
Design/Logic Flaw
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the...
CVE-2021-44054
CVE-2021-44054: Open redirect in QNAP devices running QuTScloud, QuTS hero, and QTS. Affects QuTScloud, QuTS hero (h5.0.0.1949+; build 20220215+) and (h4.5.4.1951; build 20220218+), as well as QTS (5.0.0.1986; build 20220324+) and (4.5.4.1991; build 20220329+). Root cause described as an open red...
CVE-2021-44053
CVE-2021-44053 is a cross-site scripting (XSS) vulnerability affecting QNAP devices running QTS, QuTS hero, and QuTScloud. The issue allows remote attackers to inject malicious code. Fixed in QTS 4.5.4.1991 build 20220329 and later, QTS 5.0.0.1986 build 20220324 and later, QuTS hero h5.0.0.1986 b...
CVE-2021-44053 Reflected XSS
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and...
CVE-2021-44052 Arbitrary file read
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the...
CVE-2021-44052
CVE-2021-44052 affects QNAP devices running QuTScloud, QuTS hero, and QTS. It is an improper link resolution before file access ("link following") vulnerability that could allow remote attackers to traverse the file system and read or overwrite files in unintended locations. Affected components a...
CVE-2021-44051 Command injection
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:...
CVE-2021-44051
CVE-2021-44051 affects QNAP NAS running QTS, QuTS hero, and QuTScloud (remote command execution via a command-injection flaw). The NVD entry lists CVSS v3.1 base score 8.8 (high) with network access, low attack complexity, and no user interaction required; impact to confidentiality, integrity, an...