CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2021-44053 – Reflected XSS
https://notcve.org/view.php?id=CVE-2021-44053
05 May 2022 — A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later Se... • https://www.qnap.com/en/security-advisory/qsa-22-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 19EXPL: 0CVE-2021-44052 – Arbitrary file read
https://notcve.org/view.php?id=CVE-2021-44052
05 May 2022 — An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS her... • https://www.qnap.com/en/security-advisory/qsa-22-16 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0CVE-2021-44051 – Command injection
https://notcve.org/view.php?id=CVE-2021-44051
05 May 2022 — A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later Se ha informado de una vulnerabilidad de inyección de comandos que afecta a los NAS de QNAP que ejec... • https://www.qnap.com/en/security-advisory/qsa-22-16 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38693 – Path Traversal in thttpd
https://notcve.org/view.php?id=CVE-2021-38693
05 May 2022 — A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 202203... • https://www.qnap.com/en/security-advisory/qsa-22-13 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38674 – Reflected XSS Vulnerability in TFTP
https://notcve.org/view.php?id=CVE-2021-38674
07 Jan 2022 — A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta a QTS, QuTS hero y QuTScl... • https://www.qnap.com/en/security-advisory/qsa-21-63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-34343 – Buffer Overflow Vulnerability in QTS, QuTS hero, and QuTScloud
https://notcve.org/view.php?id=CVE-2021-34343
10 Sep 2021 — A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later Se ha reportado de una vulnerabilidad de desbordamiento del búfer ... • https://www.qnap.com/en/security-advisory/qsa-21-33 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28816 – Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud
https://notcve.org/view.php?id=CVE-2021-28816
10 Sep 2021 — A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QTS 4.3.3.1693 build 20210624 and later QTS 4.3.6.1750 build 20210730 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210... • https://www.qnap.com/en/security-advisory/qsa-21-33 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-19957 – Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud
https://notcve.org/view.php?id=CVE-2018-19957
10 Sep 2021 — A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later Se ha reportado de una vulnerabilidad que implica encabezados de seguridad HTTP insuficien... • https://www.qnap.com/en/security-advisory/qsa-21-03 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2021-28804 – Command Injection Vulnerabilities in QTS and QuTS hero
https://notcve.org/view.php?id=CVE-2021-28804
01 Jul 2021 — A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. • https://www.qnap.com/zh-tw/security-advisory/qsa-21-29 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2021-28802 – Command Injection Vulnerabilities in QTS and QuTS hero
https://notcve.org/view.php?id=CVE-2021-28802
01 Jul 2021 — A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. • https://www.qnap.com/zh-tw/security-advisory/qsa-21-29 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •