Filtered by vendor Qnap
Subscribe
Search
Total
69 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0710 | 1 Qnap | 1 Q\'center | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | |||||
| CVE-2018-0708 | 1 Qnap | 1 Q\'center | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | |||||
| CVE-2018-0707 | 1 Qnap | 1 Q\'center | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | |||||
| CVE-2018-0706 | 1 Qnap | 1 Q\'center | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information. | |||||
| CVE-2018-14748 | 1 Qnap | 1 Qts | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. | |||||
| CVE-2018-0709 | 1 Qnap | 1 Q\'center | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | |||||
| CVE-2019-7181 | 1 Qnap | 1 Myqnapcloud | 2019-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program. | |||||
| CVE-2018-0722 | 1 Qnap | 2 Photo Station, Qts | 2019-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. | |||||
| CVE-2018-14747 | 1 Qnap | 1 Qts | 2018-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. | |||||
| CVE-2017-7635 | 1 Qnap | 1 Nas Proxy Server | 2018-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections. | |||||
| CVE-2017-7633 | 1 Qnap | 1 Qfinder Pro | 2018-03-29 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device. | |||||
| CVE-2017-7641 | 1 Qnap | 2 Media Streaming Add-on, Qts | 2018-03-27 | 6.8 MEDIUM | 8.8 HIGH |
| QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections. | |||||
| CVE-2017-13070 | 1 Qnap | 1 Qsync | 2017-12-26 | 9.3 HIGH | 7.8 HIGH |
| A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. | |||||
| CVE-2017-13068 | 1 Qnap | 1 Qts Helpdesk | 2017-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. | |||||
| CVE-2017-5227 | 1 Qnap | 1 Qts | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file. | |||||
| CVE-2017-7629 | 1 Qnap | 1 Qts | 2017-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. | |||||
| CVE-2015-7262 | 1 Qnap | 2 Iartist Lite, Signage Station | 2016-03-11 | 8.5 HIGH | 7.5 HIGH |
| QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot. | |||||
| CVE-2015-6022 | 1 Qnap | 1 Signage Station | 2016-03-08 | 9.0 HIGH | 8.8 HIGH |
| Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL. | |||||
| CVE-2015-6036 | 1 Qnap | 1 Sinage Station | 2016-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. | |||||