QNAP QTS
20 CVEs affecting QNAP QTS. Latest disclosed: 2018-04-30. Critical: 14, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-7876 | Critical | 10.0 | 2017-06-15 | This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS… |
| CVE-2017-17033 | Critical | 9.8 | 2017-12-21 | A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 an… |
| CVE-2017-17032 | Critical | 9.8 | 2017-12-21 | A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 an… |
| CVE-2017-17031 | Critical | 9.8 | 2017-12-21 | A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 an… |
| CVE-2017-17030 | Critical | 9.8 | 2017-12-21 | A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and e… |
| CVE-2017-17029 | Critical | 9.8 | 2017-12-21 | A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and e… |
| CVE-2017-17028 | Critical | 9.8 | 2017-12-21 | A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 2017… |
| CVE-2017-17027 | Critical | 9.8 | 2017-12-21 | A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earl… |
| CVE-2017-13071 | Critical | 9.8 | 2017-11-22 | QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS… |
| CVE-2017-10700 | Critical | 9.8 | 2017-09-19 | In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS ap… |
| CVE-2017-13067 | Critical | 9.8 | 2017-09-14 | QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 bui… |
| CVE-2017-6361 | Critical | 9.8 | 2017-03-23 | QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. |
| CVE-2017-6360 | Critical | 9.8 | 2017-03-23 | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. |
| CVE-2017-6359 | Critical | 9.8 | 2017-03-23 | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. |
| CVE-2017-7629 | High | 7.5 | 2017-06-15 | QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. |
| CVE-2017-5227 | High | 7.5 | 2017-03-23 | QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within t… |
| CVE-2015-5664 | Medium | 6.1 | 2016-07-03 | Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecifie… |
| CVE-2018-0711 | | | 2018-04-30 | Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to… |
| CVE-2015-6003 | | | 2015-10-16 | Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to re… |
| CVE-2013-7174 | | | 2014-01-09 | Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f p… |