Vulnerabilities > Qnap
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-21 | CVE-2017-17030 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 7.5 |
| 2017-12-21 | CVE-2017-17029 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 7.5 |
| 2017-12-21 | CVE-2017-17028 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 7.5 |
| 2017-12-21 | CVE-2017-17027 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 7.5 |
| 2017-12-11 | CVE-2017-13070 | Untrusted Search Path vulnerability in Qnap Qsync 4.2.2.0724 A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. | 9.3 |
| 2017-11-22 | CVE-2017-13071 | Command Injection vulnerability in Qnap Video Station 5.1.3/5.2.0 QNAP has already patched this vulnerability. | 7.5 |
| 2017-10-06 | CVE-2017-13069 | Command Injection vulnerability in Qnap Music Station QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. | 7.5 |
| 2017-10-06 | CVE-2017-13068 | SQL Injection vulnerability in Qnap QTS Helpdesk QNAP has already patched this vulnerability. | 5.0 |
| 2017-09-19 | CVE-2017-10700 | Improper Input Validation vulnerability in Qnap QTS 4.3.3.0229 In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | 10.0 |
| 2017-09-14 | CVE-2017-13067 | Unspecified vulnerability in Qnap QTS QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. | 7.5 |