Lucene search
K

32 matches found

Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.18 views

Qnap QTS SQL Injection (CVE-2020-36195)

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedi...

9.8CVSS8.8AI score0.01765EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.23 views

QNAP QTS Command Injection (QSA-23-35)

The version of QNAP QTS installed on the remote host is affected by a vulnerability as referenced in the QSA-23-35 advisory. - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute...

9.8CVSS8.8AI score0.14405EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/03 4:34 p.m.31 views

CVE-2023-23369 QTS, Multimedia Console, and Media Streaming add-on

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 2023/05/04 and...

9CVSS9.9AI score0.14405EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/22 3:50 a.m.22 views

CVE-2023-23363 QTS

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 bui...

8.1CVSS10AI score0.00765EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/22 3:50 a.m.11 views

CVE-2023-23363 QTS

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 bui...

8.1CVSS7.7AI score0.00765EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/08 12:0 a.m.63 views

CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

10CVSS9.8AI score0.87908EPSS
In wildExploits0References2
Cvelist
Cvelist
added 2021/12/29 1:5 p.m.25 views

CVE-2021-38687 Stack Overflow Vulnerability in Surveillance Station

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 64 bit:...

8.1CVSS10AI score0.0128EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/10 4:0 a.m.26 views

CVE-2021-34344 Stack Buffer Overflow Vulnerability in QUSBCam2

A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 2021/07/30 and lat...

9.8CVSS10AI score0.01579EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/07/08 7:40 a.m.30 views

CVE-2021-28809 Missing Authentication for Critical Function in RTRR Server in HBS3

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS...

9.8CVSS9.5AI score0.15802EPSS
Exploits0References2
Prion
Prion
added 2021/06/03 3:15 a.m.17 views

Command injection

A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5....

6.5CVSS9AI score0.01553EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/03 2:45 a.m.16 views

CVE-2021-28807 Post-Authentication Reflected XSS Vulnerability in Q'center

A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center...

7.7CVSS7.4AI score0.0138EPSS
Exploits1References3
CVE
CVE
added 2021/06/03 2:45 a.m.91 views

CVE-2021-28807

CVE-2021-28807 describes a post-authentication reflected XSS vulnerability affecting QNAP NAS when using Q’center. The issue enables an attacker to inject malicious code via the Q’center web interface, with potential remote impact. According to the records, QNAP has issued fixes in multiple versi...

7.7CVSS5.6AI score0.0138EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/05/13 2:55 a.m.36 views

CVE-2021-28799 Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS9.5AI score0.78395EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/04/22 12:0 a.m.76 views

CVE-2021-28799

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS9.3AI score0.78395EPSS
In wildExploits0References2
NVD
NVD
added 2021/04/17 4:15 a.m.28 views

CVE-2020-36195

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedi...

9.8CVSS0.01765EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/04/17 3:50 a.m.26 views

CVE-2020-36195 SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedi...

9.8CVSS9.7AI score0.01765EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/04/16 12:0 a.m.75 views

CVE-2020-36195

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedi...

9.8CVSS5.3AI score0.01765EPSS
In wildExploits0References2
Cvelist
Cvelist
added 2020/12/10 3:34 a.m.18 views

CVE-2020-2491 Cross-site Scripting Vulnerability in Photo Station

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo...

6AI score0.00981EPSS
Exploits0References1
CVE
CVE
added 2020/12/10 3:34 a.m.67 views

CVE-2020-2491

CVE-2020-2491 is a cross-site scripting (XSS) vulnerability in QNAP Photo Station . The CVE applies to QTS/QuTS installations that include Photo Station and can allow remote attackers to inject malicious code via Photo Station components. The included connected documents confirm affected products...

6.1CVSS6AI score0.00981EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/02/01 6:29 p.m.13 views

CVE-2018-0722

Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device...

7.5CVSS7.4AI score0.01741EPSS
Exploits0References1
Rows per page
Query Builder