CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34977 – Video Station
https://notcve.org/view.php?id=CVE-2023-34977
13 Oct 2023 — A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later Se ha informado que una vulnerabilidad de Cross-Site Scripting (XSS) afecta a Video Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados inyectar código malicioso a través de una... • https://www.qnap.com/en/security-advisory/qsa-23-52 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34976 – Video Station
https://notcve.org/view.php?id=CVE-2023-34976
13 Oct 2023 — A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later Se ha informado que una vulnerabilidad de inyección SQL afecta a Video Station. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados inyectar código malicioso a través de una red. Ya se ha solucionado... • https://www.qnap.com/en/security-advisory/qsa-23-52 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34975 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2023-34975
13 Oct 2023 — An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud c5.1.x is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later Se ha informado que una vulnerabilidad de inyección SQL afecta a Video Station. Si se explota, la vulnerabilid... • https://www.qnap.com/en/security-advisory/qsa-24-12 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44056 – Improper authentication in Video Station
https://notcve.org/view.php?id=CVE-2021-44056
05 May 2022 — An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later Se ha informado de una vulnerabilidad de autenticación inapropiada que afecta al dispositivo QNAP que ejecuta Video Station. Si es explotada... • https://www.qnap.com/en/security-advisory/qsa-22-14 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44055 – Information leakage in Video Station
https://notcve.org/view.php?id=CVE-2021-44055
05 May 2022 — An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later Se ha informado de una vulnerabilidad de falta de autorización que afecta al dispositivo de QNAP que ejecuta Video Station. Si es explotada, esta... • https://www.qnap.com/en/security-advisory/qsa-22-14 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28812 – Command Injection Vulnerability in Video Station
https://notcve.org/view.php?id=CVE-2021-28812
03 Jun 2021 — A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. • https://www.qnap.com/zh-tw/security-advisory/qsa-21-21 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33181
https://notcve.org/view.php?id=CVE-2021-33181
01 Jun 2021 — Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el componente webapi en Synology Video Station versiones anteriores a 2.4.10-1632, permite a usuarios autenticados remotos enviar peticiones arbitrarias a los recursos de la intranet por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_04 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-7184
https://notcve.org/view.php?id=CVE-2019-7184
05 Dec 2019 — This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. Esta vulnerabilidad de secuencias de comandos entre sitios (XSS) en Video Station permite a los atacantes remotos inyectar y ejecutar secuencias de comandos en la consola de administración del administrador. Para corregir esta vulnerabilidad, QNAP recomienda ac... • https://www.qnap.com/zh-tw/security-advisory/nas-201911-27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-13071
https://notcve.org/view.php?id=CVE-2017-13071
22 Nov 2017 — QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier. QNAP ya ha parcheado esta vulnerabilidad. Este problema de seguridad permite que un atacante remoto ejecute comandos arbitrarios en QNAP Video Station 5.1.3 (para QTS 4.3.3), 5.2.0 (para QTS 4.3.4) y anteriores. • https://www.qnap.com/zh-tw/security-advisory/nas-201711-21 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9556
https://notcve.org/view.php?id=CVE-2017-9556
11 Aug 2017 — Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. Una vulnerabildad de tipo Cross-Site Scripting (XSS) en Video Metadata Editor en Synology Video Station en versiones anteriores a la 2.3.0-1435 permite que atacantes remotos autenticados inyecten script web o HTML arbitrario mediante el parámetro título. • https://www.synology.com/en-global/support/security/Synology_SA_17_39_Video_Station • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •