Page 14 of 85 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application. Vulnerabilidad Cross-Site Scripting (XSS) en QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 y versiones anteriores podría permitir que atacantes remotos inyecten código JavaScript en la aplicación comprometida. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. Vulnerabilidad de desbordamiento de búfer en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría provocar un impacto no especificado en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. Vulnerabilidad de inyección de comandos en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. Vulnerabilidad de desreferencia de puntero NULL en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. Vulnerabilidad de autorización incorrecta en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos apaguen el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-863: Incorrect Authorization •