Page 14 of 80 results (0.026 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. Vulnerabilidad de autorización incorrecta en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos apaguen el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-863: Incorrect Authorization •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710. Vulnerabilidad de desbordamiento de búfer en dispositivos NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201809-20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710. Vulnerabilidad de scripting entre sitios (XSS) en dispositivos NAS de QNAP Systems Inc. • https://www.qnap.com/zh-tw/security-advisory/nas-201809-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. Vulnerabilidad de inyección de comandos en Music Station en versiones 5.1.2 y anteriores en QNAP QTS 4.3.3 y 4.3.4 podría permitir que atacantes remotos ejecuten comandos arbitrarios en la aplicación comprometida. • https://www.qnap.com/zh-tw/security-advisory/nas-201809-14 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. Vulnerabilidad de inyección de comandos en Helpdesk en versiones 1.1.21 y anteriores en QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios en la aplicación comprometida. • https://www.qnap.com/zh-tw/security-advisory/nas-201808-13 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •