Page 5 of 26 results (0.004 seconds)

CVSS: 10.0EPSS: 58%CPEs: 11EXPL: 0

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later Se ha informado una vulnerabilidad de recursos de referencia controlada externamente afecta al QNAP NAS que ejecuta Photo Station. Si se explota, esto podría permitir a un atacante modificar los archivos del sistema. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS versiones 5.0.1: Photo Station versiones 6.1.2 y posteriores QTS versiones 5.0.0/4.5.x: Photo Station versiones 6.0.22 y posteriores QTS versiones 4.3.6: Photo Station versiones 5.7.18 y posteriores QTS versiones 4.3.3: Photo Station versiones 5.4.15 y posteriores QTS versiones 4.2.6: Photo Station versiones 5.2.14 y posteriores Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. • https://www.qnap.com/en/security-advisory/qsa-22-24 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0

An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later Se ha informado de una vulnerabilidad de redireccionamiento abierto que afecta al dispositivo de QNAP que ejecuta QuTScloud, QuTS hero y QTS. Si es explotada, esta vulnerabilidad permite a atacantes redirigir a usuarios a una página no confiable que contiene malware. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QuTScloud, QuTS hero y QTS: QuTScloud c5.0.1.1949 y posteriores QuTS hero h5.0.0.1949 build 20220215 y posteriores QuTS hero h4.5.4.1951 build 20220218 y posteriores QTS 5.0.0.1986 build 20220324 y posteriores QTS 4.5.4.1991 build 20220329 y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-16 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta al dispositivo de QNAP que ejecuta QTS, QuTS hero y QuTScloud. Si es explotada, esta vulnerabilidad permite a atacantes remotos inyectar código malicioso. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QTS, QuTS hero y QuTScloud: QTS 4.5.4.1991 build 20220329 y posteriores QTS 5.0.0.1986 build 20220324 y posteriores QuTS hero h5.0.0.1986 build 20220324 y posteriores QuTS hero h4.5.4.1971 build 20220310 y posteriores QuTScloud c5.0.1.1949 y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 19EXPL: 0

An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later Se ha informado de una vulnerabilidad de resolución de enlaces inapropiada antes del acceso a los archivos ("Link Following") que afecta a los dispositivos QNAP que ejecutan QuTScloud, QuTS hero y QTS. Si es explotada, esta vulnerabilidad permite a atacantes remotos saltar el sistema de archivos hasta ubicaciones no deseadas y leer o sobrescribir el contenido de archivos no esperados. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QuTScloud, QuTS hero y QTS: QuTScloud c5.0.1.1998 y posteriores QuTS hero h4.5.4.1971 build 20220310 y posteriores QuTS hero h5.0.0.1986 build 20220324 y posteriores QTS 4.3.4.1976 build 20220303 y posteriores QTS 4.3.3. 1945 build 20220303 y posteriores QTS 4.2.6 build 20220304 y posteriores QTS 4.3.6.1965 build 20220302 y posteriores QTS 5.0.0.1986 build 20220324 y posteriores QTS 4.5.4.1991 build 20220329 y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-16 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later Se ha informado de una vulnerabilidad de inyección de comandos que afecta a los NAS de QNAP que ejecutan QuTScloud, QuTS hero y QTS. Si es explotada, esta vulnerabilidad permite a atacantes remotos ejecutar comandos arbitrarios. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de QuTScloud, QuTS hero y QTS: QuTScloud c5.0.1.1949 y posteriores QuTS hero h5.0.0.1986 build 20220324 y posteriores QTS 5.0.0.1986 build 20220324 y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-16 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •