Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28807 | 1 Qnap | 4 Q\'center, Qts, Quts Hero and 1 more | 2024-11-21 | 3.5 LOW | 7.7 HIGH |
A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center v1.12.1012 and later QTS 4.3.6: Q’center v1.10.1004 and later QTS 4.3.3: Q’center v1.10.1004 and later QuTS hero h4.5.2: Q’center v1.12.1012 and later QuTScloud c4.5.4: Q’center v1.12.1012 and later | |||||
CVE-2021-28803 | 1 Qnap | 1 Q\'center | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11.1004. | |||||
CVE-2018-0710 | 1 Qnap | 1 Q\'center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | |||||
CVE-2018-0709 | 1 Qnap | 1 Q\'center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | |||||
CVE-2018-0708 | 1 Qnap | 1 Q\'center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | |||||
CVE-2018-0707 | 1 Qnap | 1 Q\'center | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | |||||
CVE-2018-0706 | 1 Qnap | 1 Q\'center | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information. |