CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34977 – Video Station
https://notcve.org/view.php?id=CVE-2023-34977
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later Se ha informado que una vulnerabilidad de Cross-Site Scripting (XSS) afecta a Video Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados inyectar código malicioso a través de una red. Ya se ha solucionado la vulnerabilidad en la siguiente versión: Video Station 5.7.0 (2023/07/27) y posteriores • https://www.qnap.com/en/security-advisory/qsa-23-52 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34976 – Video Station
https://notcve.org/view.php?id=CVE-2023-34976
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later Se ha informado que una vulnerabilidad de inyección SQL afecta a Video Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados inyectar código malicioso a través de una red. Ya se ha solucionado la vulnerabilidad en la siguiente versión: Video Station 5.7.0 (2023/07/27) y posteriores • https://www.qnap.com/en/security-advisory/qsa-23-52 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34975 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2023-34975
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud c5.1.x is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later Se ha informado que una vulnerabilidad de inyección SQL afecta a Video Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados inyectar código malicioso a través de una red. Ya se ha solucionado la vulnerabilidad en la siguiente versión: Video Station 5.7.0 (2023/07/27) y posteriores • https://www.qnap.com/en/security-advisory/qsa-24-12 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44056 – Improper authentication in Video Station
https://notcve.org/view.php?id=CVE-2021-44056
An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later Se ha informado de una vulnerabilidad de autenticación inapropiada que afecta al dispositivo QNAP que ejecuta Video Station. Si es explotada, esta vulnerabilidad permite a atacantes comprometer la seguridad del sistema. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Video Station: Video Station 5.5.9 y posteriores Video Station 5.3.13 y posteriores Video Station 5.1.8 y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-14 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44055 – Information leakage in Video Station
https://notcve.org/view.php?id=CVE-2021-44055
An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later Se ha informado de una vulnerabilidad de falta de autorización que afecta al dispositivo de QNAP que ejecuta Video Station. Si es explotada, esta vulnerabilidad permite a atacantes remotos acceder a los datos o llevar a cabo acciones que no deberían estar permitidas. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Video Station: Video Station 5.5.9 ( 2022/02/16 ) y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-14 • CWE-862: Missing Authorization •