CVSS: 9.8EPSS: 94%CPEs: 8EXPL: 5CVE-2019-7192 – QNAP Photo Station Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2019-7192
05 Dec 2019 — This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. Esta vulnerabilidad de control de acceso inapropiada permite a atacantes remotos conseguir acceso no autorizado al sistema. Para corregir estas vulnerabilidades, QNAP recomienda actualizar Photo Station a sus últimas versiones. QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution... • https://packetstorm.news/files/id/180599 • CWE-863: Incorrect Authorization •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-7197
https://notcve.org/view.php?id=CVE-2019-7197
04 Dec 2019 — A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version. Ha sido reportado que una vulnerabilidad de tipo cross-site scripting (XSS) almacenado afecta a múltiples versiones de QTS. Si es explotada, esta vulnerabilidad puede permitir a un atacante inyectar y ejecutar scrip... • https://www.qnap.com/zh-tw/security-advisory/nas-201911-26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 25EXPL: 0CVE-2018-0730
https://notcve.org/view.php?id=CVE-2018-0730
04 Dec 2019 — This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. Esta vulnerabilidad de inyección de comandos en File Station permite a atacantes ejecutar comandos sobre el dispositivo afectado. Para corregir la vulnerabilidad, QNAP recomienda actualizar QTS a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-20 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 4%CPEs: 10EXPL: 0CVE-2018-0729
https://notcve.org/view.php?id=CVE-2018-0729
04 Dec 2019 — This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions. Esta vulnerabilidad de inyección de comandos en Music Station permite a atacantes ejecutar comandos sobre el dispositivo afectado. Para corregir la vulnerabilidad, QNAP recomienda actualizar Music Station a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-20 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0716
https://notcve.org/view.php?id=CVE-2018-0716
30 Nov 2018 — Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application. Vulnerabilidad Cross-Site Scripting (XSS) en QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 y versiones anteriores podría permitir que atacantes remotos inyecten código Ja... • https://www.qnap.com/zh-tw/security-advisory/nas-201811-29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 4%CPEs: 4EXPL: 0CVE-2018-14746
https://notcve.org/view.php?id=CVE-2018-14746
28 Nov 2018 — Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. Vulnerabilidad de inyección de comandos en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14747
https://notcve.org/view.php?id=CVE-2018-14747
28 Nov 2018 — NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. Vulnerabilidad de desreferencia de puntero NULL en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14748
https://notcve.org/view.php?id=CVE-2018-14748
28 Nov 2018 — Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. Vulnerabilidad de autorización incorrecta en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos apaguen el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14749
https://notcve.org/view.php?id=CVE-2018-14749
28 Nov 2018 — Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. Vulnerabilidad de desbordamiento de búfer en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría provocar un impacto no especificado en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2018-0711
https://notcve.org/view.php?id=CVE-2018-0711
30 Apr 2018 — Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. Vulnerabilidad Cross-Site Scripting (XSS) en QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315,y sus versiones anteriores, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios. • http://www.securitytracker.com/id/1040779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •