CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14747
https://notcve.org/view.php?id=CVE-2018-14747
NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. Vulnerabilidad de desreferencia de puntero NULL en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14748
https://notcve.org/view.php?id=CVE-2018-14748
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. Vulnerabilidad de autorización incorrecta en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos apaguen el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2018-0711
https://notcve.org/view.php?id=CVE-2018-0711
Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. Vulnerabilidad Cross-Site Scripting (XSS) en QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315,y sus versiones anteriores, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios. • http://www.securitytracker.com/id/1040779 https://www.qnap.com/zh-tw/security-advisory/nas-201804-27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •