Page 5 of 115 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo de QNAP que ejecuta Proxy Server. Si es explotado, esta vulnerabilidad permite a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) y posteriores. • https://www.qnap.com/en/security-advisory/qsa-22-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo QNAP que ejecuta Proxy Server. Si es explotado, esta vulnerabilidad permite a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) y posteriores. • https://www.qnap.com/en/security-advisory/qsa-22-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta a QTS, QuTS hero y QuTScloud. Si es explotado, esta vulnerabilidad permite a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QTS, QuTS hero y QuTScloud: QuTS hero h4.5.4.1771 build 20210825 y posteriores QTS 4.5.4.1787 build 20210910 y posteriores QuTScloud c4.5.7.1864 y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0

A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Surveillance Station: QTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later QTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later QTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later QTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later QTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later Se ha informado de una vulnerabilidad de desbordamiento del búfer de la pila que afecta al NAS de QNAP que ejecuta Surveillance Station. Si es explotado, esta vulnerabilidad permite a atacantes ejecutar código arbitrario. Ya hemos solucionado esta vulnerabilidad en las siguientes versiones de Surveillance Station: QTS versiones 5.0.0 (64 bits): Surveillance Station versiones 5.2.0.4.2 (26/10/2021) y posteriores QTS versiones 5.0.0 (32 bits): Surveillance Station versiones 5.2.0.3.2 (26/10/2021) y posteriores QTS versiones 4.3.6 (64 bits): Surveillance Station versiones 5.1.5.4.6 (26/10/2021) y posteriores QTS versiones 4.3.6 (32 bits): Surveillance Station versiones 5.1.5.3.6 (26/10/2021) y posteriores QTS versiones 4.3.3: Surveillance Station versiones 5.1.5.3.6 (26/10/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-46 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.7EPSS: 0%CPEs: 9EXPL: 0

A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later Se ha informado de una vulnerabilidad de inyección de comandos que afecta al dispositivo QNAP que ejecuta el complemento Media Streaming. Si es explotado, esta vulnerabilidad permite a atacantes remotos ejecutar comandos arbitrarios. Ya hemos corregido esta vulnerabilidad en las siguientes versiones del complemento Media Streaming: QTS 5.0.0: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores QTS 4.5.4: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores QTS 4.3.6: Media Streaming add-on 430.1.8.12 (20/08/2021) y posteriores QTS 4.3.3: Media Streaming add-on 430.1.8.12 (29/09/2021) y posteriores QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 (20/08/2021) y posteriores • https://www.qnap.com/en/security-advisory/qsa-21-44 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •