CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45038 – Music Station
https://notcve.org/view.php?id=CVE-2023-45038
06 Sep 2024 — An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerabil... • https://www.qnap.com/en/security-advisory/qsa-24-25 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50360 – Video Station
https://notcve.org/view.php?id=CVE-2023-50360
06 Sep 2024 — A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.1 ( 2024/02/26 ) and later A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the ... • https://www.qnap.com/en/security-advisory/qsa-24-24 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47563 – Video Station
https://notcve.org/view.php?id=CVE-2023-47563
06 Sep 2024 — An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following... • https://www.qnap.com/en/security-advisory/qsa-24-24 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21904 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-21904
06 Sep 2024 — A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerabil... • https://www.qnap.com/en/security-advisory/qsa-24-23 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27592 – QVR Smart Client
https://notcve.org/view.php?id=CVE-2022-27592
06 Sep 2024 — An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnera... • https://www.qnap.com/en/security-advisory/qsa-24-22 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27126 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-27126
06 Sep 2024 — A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vul... • https://www.qnap.com/en/security-advisory/qsa-24-21 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27122 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-27122
06 Sep 2024 — A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vul... • https://www.qnap.com/en/security-advisory/qsa-24-21 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21903 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-21903
06 Sep 2024 — An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could ... • https://www.qnap.com/en/security-advisory/qsa-24-20 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21898 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-21898
06 Sep 2024 — An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow aut... • https://www.qnap.com/en/security-advisory/qsa-24-20 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21897 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-21897
06 Sep 2024 — A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability ... • https://www.qnap.com/en/security-advisory/qsa-24-20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •