qnap

613 tracked vulnerabilities.

CVE-2017-17032 CRITICAL
QNAP QTS <4.3.4.0387 - Buffer Overflow
Dec 21, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-17031 CRITICAL
QNAP QTS Buffer Overflow in Password Function
Dec 21, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-17030 CRITICAL
QNAP QTS <4.3.4.0387 - Buffer Overflow
Dec 21, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-17029 CRITICAL
QNAP QTS Remote Code Execution via Login Buffer Overflow
Dec 21, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-17028 CRITICAL
QNAP QTS - Buffer Overflow in External Device Function
Dec 21, 2017
CVSS 9.8
EPSS 0.07
CVE-2017-17027 CRITICAL
QNAP QTS <4.3.4.0387 - Buffer Overflow
Dec 21, 2017
CVSS 9.8
EPSS 0.03
CVE-2017-13070 HIGH
QNAP Qsync for Windows < 4.2.2.0724 - DLL Hijacking
Dec 11, 2017
CVSS 7.8
EPSS 0.00
CVE-2017-13071 CRITICAL
QNAP Video Station <= 5.1.3 (for QTS 4.3.3) and <= 5.2.0 (for QTS 4.3.4) - Remote Command Execution
Nov 22, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-13069 CRITICAL
QNAP Music Station < 4.8.6 - Remote Command Injection
Oct 06, 2017
CVSS 9.8
EPSS 0.06
CVE-2017-13068 HIGH
QNAP QTS Helpdesk < 1.1.12 - Unauthenticated SQL Injection
Oct 06, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-10700 CRITICAL
QNAP QTS - Unauthenticated Remote Code Execution in MediaLibrary Component
Sep 19, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-13067 CRITICAL
QNAP QTS Media Library < 4.2.6/4.3.3.0299 - Unauthenticated RCE via Transcoding
Sep 14, 2017
CVSS 9.8
EPSS 0.51
CVE-2017-12582 CRITICAL
QNAP TS-212P Firmware 4.2.1 build 20160601 - Missing Authorization in Surveillance Station
Aug 18, 2017
CVSS 9.8
EPSS 0.00
CVE-2017-7876 CRITICAL
QTS < 4.2.6 - OS Command Injection
Jun 15, 2017
CVSS 10.0
EPSS 0.07
CVE-2017-7629 HIGH
QNAP QTS < 4.2.6 - Weak Password Recovery Mechanism
Jun 15, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-6361 CRITICAL
QNAP QTS < 4.2.4 - OS Command Injection
Mar 23, 2017
CVSS 9.8
EPSS 0.91
CVE-2017-6360 CRITICAL
QNAP QTS < 4.2.4 - OS Command Injection
Mar 23, 2017
CVSS 9.8
EPSS 0.80
CVE-2017-6359 CRITICAL
QNAP QTS < 4.2.4 - OS Command Injection
Mar 23, 2017
CVSS 9.8
EPSS 0.61
CVE-2017-5227 HIGH
QNAP QTS < 4.2.4 - Unauthenticated Sensitive Information Exposure via uLinux.conf
Mar 23, 2017
CVSS 7.5
EPSS 0.20
CVE-2015-5664 MEDIUM
QNAP QTS < 4.2.0 - Cross-Site Scripting in File Station
Jul 03, 2016
CVSS 6.1
EPSS 0.00
CVE-2015-7262 HIGH
QNAP iArtist Lite <1.4.54 - Privilege Escalation
Feb 27, 2016
CVSS 7.5
EPSS 0.00
CVE-2015-7261 CRITICAL
QNAP iArtist Lite < 1.4.54 and Signage Station < 2.0.1 - Unauthenticated FTP Access via Hardcoded Credentials
Feb 27, 2016
CVSS 9.8
EPSS 0.00
CVE-2015-6036 HIGH
QNAP Signage Station <2.0.1 - Auth Bypass
Feb 27, 2016
CVSS 7.5
EPSS 0.00
CVE-2015-6022 HIGH
QNAP Signage Station < 2.0.1 - Authenticated Arbitrary File Upload
Feb 27, 2016
CVSS 8.8
EPSS 0.01
CVE-2015-6003
QNAP QTS <4.1.4-4.2.0 - Path Traversal
Oct 16, 2015
EPSS 0.01
Products
qts 272 quts_hero 223 qsync_central 62 qutscloud 62 file_station 48 photo_station 26 video_station 15 media_streaming_add-on 13 music_station 13 qurouter 12 helpdesk 11 qumagie 10 qvr 10 qulog_center 8 nas_proxy_server 7 q\'center 7 hybrid_backup_sync 6 notes_station_3 6 qvr_pro 6 license_center 5 multimedia_console 5 qunetswitch 5 qvr_elite 5 qvr_guard 5 qes 4 download_station 3 qcalagent 3 qufirewall 3 qvp-21a_firmware 3 qvp-41a_firmware 3
Quick Filters
Critical CVEs With Exploits In CISA KEV