CVSS: 9.0EPSS: 17%CPEs: 1EXPL: 5CVE-2018-0708 – QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0708
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Vulnerabilidad de inyección de comandos en networking en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados ejecuten comandos arbitrarios. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities. • https://www.exploit-db.com/exploits/45015 http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html http://seclists.org/fulldisclosure/2018/Jul/45 https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities https://www.qnap.com/zh-tw/security-advisory/nas-201807-10 https://www.securityfocus.com/archive/1/542141/100/0/threaded • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 8%CPEs: 1EXPL: 5CVE-2018-0710 – QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0710
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Vulnerabilidad de inyección de comandos en SSH en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados ejecuten comandos arbitrarios. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities. • https://www.exploit-db.com/exploits/45015 http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html http://seclists.org/fulldisclosure/2018/Jul/45 https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities https://www.qnap.com/zh-tw/security-advisory/nas-201807-10 https://www.securityfocus.com/archive/1/542141/100/0/threaded • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13072
https://notcve.org/view.php?id=CVE-2017-13072
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. Vulnerabilidad Cross-Site Scripting (XSS) en App Center en QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223 y sus versiones anteriores podría permitir que los atacantes remotos inyecten código JavaScript. • https://www.qnap.com/en/security-advisory/nas-201805-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0712
https://notcve.org/view.php?id=CVE-2018-0712
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS. Vulnerabilidad de inyección de comandos en LDAP Server en QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios o instalen malware en el NAS. • http://www.securitytracker.com/id/1041141 https://www.qnap.com/zh-tw/security-advisory/nas-201806-19 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7637
https://notcve.org/view.php?id=CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges. El servidor proxy de la aplicación NAS de QNAP hasta la versión 1.2.0 permite que los atacantes remotos ejecuten comandos arbitrarios del sistema operativo contra el sistema con privilegios root. • http://www.securitytracker.com/id/1041025 https://www.qnap.com/en/security-advisory/nas-201806-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •