Filtered by vendor Qnap
Subscribe
Total
191 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7629 | 1 Qnap | 1 Qts | 2017-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. | |||||
| CVE-2013-7174 | 1 Qnap | 1 Qts | 2016-12-30 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter. | |||||
| CVE-2015-6003 | 1 Qnap | 1 Qts | 2016-12-07 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account. | |||||
| CVE-2015-7262 | 1 Qnap | 2 Iartist Lite, Signage Station | 2016-03-11 | 8.5 HIGH | 7.5 HIGH |
| QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot. | |||||
| CVE-2015-7261 | 1 Qnap | 2 Iartist Lite, Signage Station | 2016-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21. | |||||
| CVE-2015-6022 | 1 Qnap | 1 Signage Station | 2016-03-08 | 9.0 HIGH | 8.8 HIGH |
| Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL. | |||||
| CVE-2015-6036 | 1 Qnap | 1 Sinage Station | 2016-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. | |||||
| CVE-2014-5457 | 1 Qnap | 8 Ss-839, Ss-839 Firmware, Ts-459u and 5 more | 2014-08-26 | 2.1 LOW | N/A |
| QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password. | |||||
| CVE-2013-0144 | 1 Qnap | 1 Viostor Network Video Recorder | 2013-06-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action. | |||||
| CVE-2013-0143 | 1 Qnap | 3 Nas, Surveillance Station Pro, Viostor Network Video Recorder | 2013-06-09 | 6.5 MEDIUM | N/A |
| cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. | |||||
| CVE-2013-0142 | 1 Qnap | 3 Nas, Surveillance Station Pro, Viostor Network Video Recorder | 2013-06-09 | 5.0 MEDIUM | N/A |
| QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. | |||||