Lucene search
K

27 matches found

Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.16 views

Qnap QTS Cross-site Scripting (CVE-2018-19942)

A cross-site scripting XSS vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 and later QTS...

6.1CVSS5.8AI score0.00746EPSS
Exploits0References2
NVD
NVD
added 2024/09/06 5:15 p.m.38 views

CVE-2023-39300

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS...

7.2CVSS0.01212EPSS
Exploits0References1
Saint
Saint
added 2024/03/08 12:0 a.m.376 views

QNAP QTS quick.cgi command execution

Added: 03/08/2024 Background QNAP is an operating system for Network Attached Storage NAS devices. QTS QNAP Turbo NAS System is the Turbo NAS Operating System for entry and mid-level QNAP NAS. Problem A vulnerability in the quick.cgi component in uninitialized QNAP NAS devices allows remote...

8.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.24 views

QNAP QTS Command Injection (QSA-23-35)

The version of QNAP QTS installed on the remote host is affected by a vulnerability as referenced in the QSA-23-35 advisory. - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute...

9.8CVSS8.8AI score0.14405EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/03 4:34 p.m.32 views

CVE-2023-23369 QTS, Multimedia Console, and Media Streaming add-on

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 2023/05/04 and...

9CVSS9.9AI score0.14405EPSS
Exploits0References1
NVD
NVD
added 2023/09/22 4:15 a.m.24 views

CVE-2023-23363

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 bui...

9.8CVSS8.9AI score0.00765EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/22 3:50 a.m.22 views

CVE-2023-23363 QTS

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 bui...

8.1CVSS10AI score0.00765EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/22 3:50 a.m.11 views

CVE-2023-23363 QTS

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 bui...

8.1CVSS7.7AI score0.00765EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/08 12:0 a.m.63 views

CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

10CVSS9.8AI score0.87908EPSS
In wildExploits0References2
NVD
NVD
added 2020/12/10 4:15 a.m.31 views

CVE-2020-2497

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build...

6.1CVSS6.2AI score0.00973EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/12/10 3:34 a.m.19 views

CVE-2020-2491 Cross-site Scripting Vulnerability in Photo Station

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo...

6AI score0.00981EPSS
Exploits0References1
CVE
CVE
added 2020/12/10 3:34 a.m.67 views

CVE-2020-2491

CVE-2020-2491 is a cross-site scripting (XSS) vulnerability in QNAP Photo Station . The CVE applies to QTS/QuTS installations that include Photo Station and can allow remote attackers to inject malicious code via Photo Station components. The included connected documents confirm affected products...

6.1CVSS6AI score0.00981EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/10/28 6:15 p.m.5 views

CVE-2018-19943

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later Q...

5.4CVSS5.8AI score0.17705EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/10/28 5:55 p.m.22 views

CVE-2018-19953

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on buil...

6.5AI score0.23894EPSS
Exploits0References1
CVE
CVE
added 2020/10/28 5:55 p.m.1001 views

CVE-2018-19943

CVE-2018-19943 affects QNAP QTS File Station across multiple versions. The vulnerability is a cross-site scripting flaw that, if exploited, could allow remote attackers to inject malicious code. Public details from NVD and Nessus indicate QTS fixes have been released in several versions (e.g., QT...

8CVSS5.5AI score0.17705EPSS
In wildExploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/10/28 12:0 a.m.33 views

CVE-2018-19949

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build...

9.8CVSS6AI score0.24449EPSS
In wildExploits0References2
NVD
NVD
added 2019/02/01 6:29 p.m.14 views

CVE-2018-0722

Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device...

7.5CVSS7.4AI score0.01741EPSS
Exploits0References1
Prion
Prion
added 2018/11/30 2:29 p.m.14 views

Cross site scripting

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application...

4.3CVSS6.1AI score0.00772EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/11/30 2:29 p.m.20 views

CVE-2018-0716

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application...

6.1CVSS6.2AI score0.00772EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/11/30 2:0 p.m.22 views

CVE-2018-0716

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application...

6.2AI score0.00772EPSS
Exploits0References1
Rows per page
Query Builder