Total
11 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38681 | 1 Qnap | 2 Nas, Ragic Cloud Db | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. | |||||
CVE-2021-38675 | 1 Qnap | 2 Image2pdf, Nas | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later | |||||
CVE-2021-34358 | 1 Qnap | 2 Nas, Qmailagent | 2024-11-21 | 6.8 MEDIUM | 6.8 MEDIUM |
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later | |||||
CVE-2021-34357 | 1 Qnap | 2 Nas, Qmailagent | 2024-11-21 | 4.3 MEDIUM | 6.9 MEDIUM |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later | |||||
CVE-2021-34356 | 1 Qnap | 2 Nas, Photo Station | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
CVE-2021-34355 | 1 Qnap | 2 Nas, Photo Station | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
CVE-2021-34354 | 1 Qnap | 2 Nas, Photo Station | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
CVE-2021-28797 | 1 Qnap | 2 Nas, Surveillance Station | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) | |||||
CVE-2020-2501 | 1 Qnap | 2 Nas, Surveillance Station | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) | |||||
CVE-2013-0143 | 1 Qnap | 3 Nas, Surveillance Station Pro, Viostor Network Video Recorder | 2024-11-21 | 6.5 MEDIUM | N/A |
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. | |||||
CVE-2013-0142 | 1 Qnap | 3 Nas, Surveillance Station Pro, Viostor Network Video Recorder | 2024-11-21 | 5.0 MEDIUM | N/A |
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. |