Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Qnap Subscribe
Filtered by product Nas
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-34358 1 Qnap 2 Nas, Qmailagent 2021-11-23 6.8 MEDIUM 8.8 HIGH
We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later
CVE-2021-38681 1 Qnap 2 Nas, Ragic Cloud Db 2021-11-23 4.3 MEDIUM 5.4 MEDIUM
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
CVE-2021-34357 1 Qnap 2 Nas, Qmailagent 2021-11-16 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later
CVE-2021-34354 1 Qnap 2 Nas, Photo Station 2021-10-04 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later
CVE-2021-34356 1 Qnap 2 Nas, Photo Station 2021-10-04 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later
CVE-2021-38675 1 Qnap 2 Image2pdf, Nas 2021-10-04 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later
CVE-2021-34355 1 Qnap 2 Nas, Photo Station 2021-10-04 3.5 LOW 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later
CVE-2021-28797 1 Qnap 2 Nas, Surveillance Station 2021-04-21 7.5 HIGH 9.8 CRITICAL
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
CVE-2020-2501 1 Qnap 2 Nas, Surveillance Station 2021-02-22 7.5 HIGH 9.8 CRITICAL
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)
CVE-2013-0142 1 Qnap 3 Nas, Surveillance Station Pro, Viostor Network Video Recorder 2013-06-09 5.0 MEDIUM N/A
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors.
CVE-2013-0143 1 Qnap 3 Nas, Surveillance Station Pro, Viostor Network Video Recorder 2013-06-09 6.5 MEDIUM N/A
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.