Lucene search
K

22 matches found

Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.11 views

Qnap QTS Path Traversal (CVE-2018-19945)

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerabilit...

9.1CVSS8.2AI score0.0111EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.23 views

QNAP QTS Command Injection (QSA-23-35)

The version of QNAP QTS installed on the remote host is affected by a vulnerability as referenced in the QSA-23-35 advisory. - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute...

9.8CVSS8.8AI score0.14405EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/03 4:34 p.m.31 views

CVE-2023-23369 QTS, Multimedia Console, and Media Streaming add-on

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 2023/05/04 and...

9CVSS9.9AI score0.14405EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/22 3:50 a.m.22 views

CVE-2023-23363 QTS

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 bui...

8.1CVSS10AI score0.00765EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/22 3:50 a.m.11 views

CVE-2023-23363 QTS

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 bui...

8.1CVSS7.7AI score0.00765EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/07/08 7:40 a.m.30 views

CVE-2021-28809 Missing Authentication for Critical Function in RTRR Server in HBS3

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS...

9.8CVSS9.5AI score0.15802EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/05/13 2:55 a.m.36 views

CVE-2021-28799 Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS9.5AI score0.78395EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/04/22 12:0 a.m.76 views

CVE-2021-28799

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS9.3AI score0.78395EPSS
In wildExploits0References2
NVD
NVD
added 2020/12/31 5:15 p.m.16 views

CVE-2018-19945

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerabilit...

9.1CVSS9.2AI score0.0111EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/12/31 4:33 p.m.19 views

CVE-2018-19945 Improper Limitation of a Pathname to a Restricted Directory in QTS

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerabilit...

9.2AI score0.0111EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/12/10 3:34 a.m.19 views

CVE-2020-2491 Cross-site Scripting Vulnerability in Photo Station

This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo...

6AI score0.00981EPSS
Exploits0References1
CVE
CVE
added 2020/12/10 3:34 a.m.67 views

CVE-2020-2491

CVE-2020-2491 is a cross-site scripting (XSS) vulnerability in QNAP Photo Station . The CVE applies to QTS/QuTS installations that include Photo Station and can allow remote attackers to inject malicious code via Photo Station components. The included connected documents confirm affected products...

6.1CVSS6AI score0.00981EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/02/01 6:29 p.m.14 views

CVE-2018-0722

Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device...

7.5CVSS7.4AI score0.01741EPSS
Exploits0References1
Prion
Prion
added 2018/11/30 2:29 p.m.14 views

Cross site scripting

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application...

4.3CVSS6.1AI score0.00772EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/11/30 2:0 p.m.22 views

CVE-2018-0716

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application...

6.2AI score0.00772EPSS
Exploits0References1
Prion
Prion
added 2018/11/28 4:29 p.m.16 views

Authorization

Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS...

7.8CVSS7.5AI score0.01284EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/11/28 4:0 p.m.21 views

CVE-2018-14749

Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS...

9.8AI score0.01185EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/11/28 4:0 p.m.23 views

CVE-2018-14747

NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server...

8AI score0.01258EPSS
Exploits0References1
NVD
NVD
added 2018/06/21 1:29 p.m.16 views

CVE-2017-13072

Cross-site scripting XSS vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code...

6.1CVSS6.1AI score0.00772EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/21 1:0 p.m.17 views

CVE-2017-13072

Cross-site scripting XSS vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code...

6.1AI score0.00772EPSS
Exploits0References1
Rows per page
Query Builder