qnap

613 tracked vulnerabilities.

CVE-2021-28810 HIGH
Roon Server < 2021-05-18 - Authentication Bypass
Jun 08, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-28812 HIGH
QNAP Video Station < 5.5.4 - Remote Command Injection
Jun 03, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-28807 HIGH
QNAP Q'center < 1.12.1012 - Authenticated Reflected Cross-Site Scripting
Jun 03, 2021
CVSS 7.7
EPSS 0.00
CVE-2021-28806 MEDIUM
QNAP QTS < 4.5.3.1652 and QuTS hero < h4.5.2.1638 and QuTScloud < c4.5.5.1656 - DOM-based Cross-Site Scripting
Jun 03, 2021
CVSS 5.7
EPSS 0.00
CVE-2021-28798 HIGH
QNAP QTS 4.3.2.0144-4.3.3.1624 and QuTS hero < h4.5.2.1638 - Relative Path Traversal
May 21, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-28799 CRITICAL KEVNUCLEI
QNAP HBS 3 - Broken Access Control
May 13, 2021
CVSS 10.0
EPSS 0.91
CVE-2021-28797 CRITICAL
QNAP Surveillance Station < 5.1.5.3.3 - Stack-based Buffer Overflow
Apr 14, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-36196 MEDIUM
QuLog Center < 1.2.0 - Stored Cross-Site Scripting
Jul 01, 2021
CVSS 6.1
EPSS 0.00
CVE-2020-36194 MEDIUM
QNAP QTS < 4.5.2.1566 and QuTS hero < h4.5.2.1638 - Cross-Site Scripting
Jul 01, 2021
CVSS 6.1
EPSS 0.00
CVE-2020-36198 MEDIUM
QNAP Malware Remover < 4.6.1.0 - Remote Command Injection
May 13, 2021
CVSS 6.7
EPSS 0.01
CVE-2020-36197 HIGH
QNAP Music Station < 5.3.16 - Improper Access Control
May 13, 2021
CVSS 7.1
EPSS 0.03
CVE-2020-36195 CRITICAL
QNAP QTS - SQL Injection via Multimedia Console or Media Streaming Add-on
Apr 17, 2021
CVSS 9.8
EPSS 0.00
CVE-2020-2509 CRITICAL KEV
QTS < 4.2.6 - OS Command Injection
Apr 17, 2021
CVSS 9.8
EPSS 0.84
CVE-2020-2502 MEDIUM
QNAP Photo Station < 6.0.11 - Cross-Site Scripting
Feb 17, 2021
CVSS 6.1
EPSS 0.00
CVE-2020-2501 CRITICAL
QNAP Surveillance Station < 5.1.5.3.3 - Stack-based Buffer Overflow
Feb 17, 2021
CVSS 9.8
EPSS 0.04
CVE-2020-2507 CRITICAL
QNAP Helpdesk < 3.0.3 - Remote Command Injection
Feb 03, 2021
CVSS 9.8
EPSS 0.05
CVE-2020-2506 HIGH KEV
QNAP Helpdesk < 3.0.3 - Improper Access Control
Feb 03, 2021
CVSS 7.3
EPSS 0.18
CVE-2020-2508 HIGH
QNAP QTS < 4.5.1.1456 and QuTS hero < h4.5.1.1472 - OS Command Injection
Jan 11, 2021
CVSS 7.2
EPSS 0.02
CVE-2020-25847 HIGH
QNAP QTS < 4.5.1.1495 and QuTS hero < h4.5.1.1491 - OS Command Injection
Dec 29, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-2505 LOW
QNAP QES < 2.1.1 - Information Disclosure via Error Message Generation
Dec 24, 2020
CVSS 2.3
EPSS 0.00
CVE-2020-2504 MEDIUM
QNAP QES < 2.1.1 - Path Traversal in File Station
Dec 24, 2020
CVSS 5.8
EPSS 0.00
CVE-2020-2503 CRITICAL
QNAP QES < 2.1.1 - Stored Cross-Site Scripting in File Station
Dec 24, 2020
CVSS 9.0
EPSS 0.00
CVE-2020-2499 MEDIUM
QES < 2.1.1 - Unauthenticated Hard-Coded Password Bypass
Dec 24, 2020
CVSS 6.3
EPSS 0.00
CVE-2020-2498 MEDIUM
QNAP QTS and QuTS hero - Stored Cross-Site Scripting in Certificate Configuration
Dec 10, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-2497 MEDIUM
QNAP QTS and QuTS hero - Stored Cross-Site Scripting in System Connection Logs
Dec 10, 2020
CVSS 6.1
EPSS 0.00
Products
qts 272 quts_hero 223 qsync_central 62 qutscloud 62 file_station 48 photo_station 26 video_station 15 media_streaming_add-on 13 music_station 13 qurouter 12 helpdesk 11 qumagie 10 qvr 10 qulog_center 8 nas_proxy_server 7 q\'center 7 hybrid_backup_sync 6 notes_station_3 6 qvr_pro 6 license_center 5 multimedia_console 5 qunetswitch 5 qvr_elite 5 qvr_guard 5 qes 4 download_station 3 qcalagent 3 qufirewall 3 qvp-21a_firmware 3 qvp-41a_firmware 3
Quick Filters
Critical CVEs With Exploits In CISA KEV