Lucene search
K

323 matches found

CVE
CVE
added 2021/09/10 4:0 a.m.85 views

CVE-2021-28816

CVE-2021-28816 is a stack-based buffer overflow affecting QNAP QTS, QuTScloud, and QuTS hero. The vulnerability could allow arbitrary code execution if exploited. Affected QTS/QuTS versions fixed include QTS 4.5.4.1715 build 20210630 and later, QTS 5.0.0.1716 build 20210701 and later, QTS 4.3.3.1...

8.8CVSS8.6AI score0.00928EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2021/09/10 4:0 a.m.30 views

CVE-2018-19957 Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS...

6.3AI score0.00707EPSS
Exploits0References1
CVE
CVE
added 2021/09/10 4:0 a.m.57 views

CVE-2018-19957

CVE-2018-19957 concerns insufficient HTTP security headers in QNAP QTS, QuTS hero, and QuTScloud. The vulnerability affects QNAP NAS platforms running QTS, QuTS hero, and QuTScloud, enabling remote attackers to launch privacy/security attacks. The issue has been addressed by explicit fixes: QTS 4...

6.1CVSS6.3AI score0.00707EPSS
Exploits0References1Affected Software3
ThreatPost
ThreatPost
added 2021/08/31 3:8 p.m.67 views

QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout

On Monday, QNAP put out two security advisories about OpenSSL remote-code execution and denial-of-service DoS bugs, fixed last week, that affect its network-attached storage NAS devices. The vulnerabilities are tracked as CVE-2021-3711 – a high-severity buffer overflow related to SM2 decryption–...

10CVSS9.1AI score0.87816EPSS
Exploits1References28
NVD
NVD
added 2021/06/16 4:15 a.m.13 views

CVE-2021-28815

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link...

6CVSS0.01711EPSS
Exploits0References1
Prion
Prion
added 2021/06/16 4:15 a.m.17 views

Code injection

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link...

4CVSS4.9AI score0.01711EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/16 4:0 a.m.20 views

CVE-2021-28815 Insecure Storage of Sensitive Information in myQNAPcloud Link

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link...

6CVSS6AI score0.01711EPSS
Exploits0References1
NVD
NVD
added 2021/06/03 3:15 a.m.19 views

CVE-2021-28812

A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5....

8.8CVSS0.01553EPSS
Exploits0References1
NVD
NVD
added 2021/06/03 3:15 a.m.14 views

CVE-2021-28807

A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center...

7.7CVSS0.0138EPSS
Exploits1References3
Prion
Prion
added 2021/06/03 3:15 a.m.17 views

Design/Logic Flaw

A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions pri...

3.5CVSS5.2AI score0.00505EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2021/06/03 3:15 a.m.17 views

Command injection

A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5....

6.5CVSS9AI score0.01553EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/03 2:45 a.m.14 views

CVE-2021-28807 Post-Authentication Reflected XSS Vulnerability in Q'center

A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center...

7.7CVSS7.4AI score0.0138EPSS
Exploits1References3
CVE
CVE
added 2021/06/03 2:45 a.m.90 views

CVE-2021-28812

CVE-2021-28812 is a command-injection vulnerability affecting QNAP Video Station prior to 5.5.4 on QTS 4.5.2, QuTS hero h4.5.2, and QuTScloud c4.5.4. The issue allows remote attackers to execute arbitrary commands and is exploitable over the network with low attack complexity and no authenticatio...

8.8CVSS9.1AI score0.01553EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/06/03 2:45 a.m.91 views

CVE-2021-28807

CVE-2021-28807 describes a post-authentication reflected XSS vulnerability affecting QNAP NAS when using Q’center. The issue enables an attacker to inject malicious code via the Q’center web interface, with potential remote impact. According to the records, QNAP has issued fixes in multiple versi...

7.7CVSS5.6AI score0.0138EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/05/13 3:15 a.m.2 views

CVE-2021-28799

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

9.8CVSS7.5AI score0.78395EPSS
Exploits0References2
NVD
NVD
added 2021/05/13 3:15 a.m.18 views

CVE-2020-36197

An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. Th...

8.8CVSS0.18497EPSS
Exploits2References3
Prion
Prion
added 2021/05/13 3:15 a.m.19 views

Improper access control

An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. Th...

5.8CVSS8.6AI score0.18497EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2021/05/13 2:55 a.m.35 views

CVE-2021-28799 Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS9.5AI score0.78395EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/04/22 12:0 a.m.76 views

CVE-2021-28799

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS9.3AI score0.78395EPSS
In wildExploits0References2
NVD
NVD
added 2021/04/16 1:15 a.m.17 views

CVE-2018-19942

A cross-site scripting XSS vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 and later QTS...

6.1CVSS0.00746EPSS
Exploits0References1
Rows per page
Query Builder