CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0718
https://notcve.org/view.php?id=CVE-2018-0718
14 Sep 2018 — Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. Vulnerabilidad de inyección de comandos en Music Station en versiones 5.1.2 y anteriores en QNAP QTS 4.3.3 y 4.3.4 podría permitir que atacantes remotos ejecuten comandos arbitrarios en la aplicación comprometida. • https://www.qnap.com/zh-tw/security-advisory/nas-201809-14 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0714
https://notcve.org/view.php?id=CVE-2018-0714
13 Aug 2018 — Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. Vulnerabilidad de inyección de comandos en Helpdesk en versiones 1.1.21 y anteriores en QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 y sus versiones anteriores podría permitir que los atacantes remotos ej... • https://www.qnap.com/zh-tw/security-advisory/nas-201808-13 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13072
https://notcve.org/view.php?id=CVE-2017-13072
21 Jun 2018 — Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. Vulnerabilidad Cross-Site Scripting (XSS) en App Center en QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223 y sus versiones anteriores podría permitir que los atacantes remotos inyecten código JavaScript. • https://www.qnap.com/en/security-advisory/nas-201805-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0712
https://notcve.org/view.php?id=CVE-2018-0712
21 Jun 2018 — Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS. Vulnerabilidad de inyección de comandos en LDAP Server en QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios o instalen malware en el NAS... • http://www.securitytracker.com/id/1041141 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2018-0711
https://notcve.org/view.php?id=CVE-2018-0711
30 Apr 2018 — Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. Vulnerabilidad Cross-Site Scripting (XSS) en QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315,y sus versiones anteriores, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios. • http://www.securitytracker.com/id/1040779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7632
https://notcve.org/view.php?id=CVE-2017-7632
27 Mar 2018 — Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. Vulnerabilidad de Cross-Site Scripting (XSS) en File Station, en QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 y anteriores, permite que atacantes remotos inyecten scripts web o HTML arbitrarios. • https://www.qnap.com/zh-tw/security-advisory/nas-201803-23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7631
https://notcve.org/view.php?id=CVE-2017-7631
27 Mar 2018 — Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. Vulnerabilidad de Cross-Site Scripting (XSS) en la función de compartición de enlaces de File Station, en QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 y anteriores, permite que atacantes remotos inyecten scripts web o HTML arbitrarios. • https://www.qnap.com/zh-tw/security-advisory/nas-201803-23 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7630
https://notcve.org/view.php?id=CVE-2017-7630
27 Mar 2018 — QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi. QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 y anteriores permiten que atacantes remotos obtengan información potencialmente sensible (versión de firmware y servicios en ejecución) mediante una petición en sysinfoReq.cgi. • https://www.qnap.com/zh-tw/security-advisory/nas-201803-23 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7641
https://notcve.org/view.php?id=CVE-2017-7641
08 Mar 2018 — QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections. El add-on Media Streaming de la aplicación NAS de QNAP en versiones 421.1.0.2, 430.1.2.0 y anteriores no utiliza medidas de seguridad contra CSRF. • https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7634
https://notcve.org/view.php?id=CVE-2017-7634
08 Mar 2018 — Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page. Vulnerabilidad Cross-Site Scripting (XSS) en el add-on Media Streaming de la aplicación NAS de QNAP, en versiones 421.1.0.2, 430.1.2.0 y anteriores, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios. El código iny... • https://www.qnap.com/zh-tw/security-advisory/nas-201803-08 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •