CVSS: 8.7EPSS: 0%CPEs: 9EXPL: 0CVE-2021-34362 – Command Injection Vulnerability in Media Streaming Add-on
https://notcve.org/view.php?id=CVE-2021-34362
A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later Se ha informado de una vulnerabilidad de inyección de comandos que afecta al dispositivo QNAP que ejecuta el complemento Media Streaming. Si es explotado, esta vulnerabilidad permite a atacantes remotos ejecutar comandos arbitrarios. Ya hemos corregido esta vulnerabilidad en las siguientes versiones del complemento Media Streaming: QTS 5.0.0: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores QTS 4.5.4: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores QTS 4.3.6: Media Streaming add-on 430.1.8.12 (20/08/2021) y posteriores QTS 4.3.3: Media Streaming add-on 430.1.8.12 (29/09/2021) y posteriores QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-44 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38675 – Stored XSS Vulnerability in Image2PDF
https://notcve.org/view.php?id=CVE-2021-38675
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta Image2PDF. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Image2PDF: Image2PDF 2.1.5 (17/08/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34356 – Stored XSS Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34356
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Photo Station: Photo Station 6.0.18 (01/09/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34355 – Stored XSS Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34355
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al NAS de QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Photo Station: Photo Station 5.4.10 (19/08/2021) y posteriores, Photo Station 5.7.13 (19/08/2021) y posteriores, Photo Station 6.0.18 (01/09/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-34354 – Stored Cross-site Scripting Vulnerability in Photo Station
https://notcve.org/view.php?id=CVE-2021-34354
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later Se ha reportado una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo de QNAP que ejecuta Photo Station. Si es explotado, esta vulnerabilidad permiten a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Photo Station: Photo Station 6.0.18 (01/09/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •