Vulnerabilities > Qnap

DATE CVE VULNERABILITY TITLE RISK
2018-03-08 CVE-2017-7634 Cross-site Scripting vulnerability in Qnap Media Streaming Add-On
Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML.
network
low complexity
qnap CWE-79
6.1
2018-03-05 CVE-2017-7633 Information Exposure vulnerability in Qnap Qfinder PRO 6.1.0.0317
QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices.
network
low complexity
qnap CWE-200
7.5
2017-12-21 CVE-2017-17033 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
network
low complexity
qnap CWE-119
critical
9.8
2017-12-21 CVE-2017-17032 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
network
low complexity
qnap CWE-119
critical
9.8
2017-12-21 CVE-2017-17031 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
network
low complexity
qnap CWE-119
critical
9.8
2017-12-21 CVE-2017-17030 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
network
low complexity
qnap CWE-119
critical
9.8
2017-12-21 CVE-2017-17029 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
network
low complexity
qnap CWE-119
critical
9.8
2017-12-21 CVE-2017-17028 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS
A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
network
low complexity
qnap CWE-119
critical
9.8
2017-12-21 CVE-2017-17027 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS
A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
network
low complexity
qnap CWE-119
critical
9.8
2017-12-11 CVE-2017-13070 Untrusted Search Path vulnerability in Qnap Qsync 4.2.2.0724
A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines.
local
low complexity
qnap CWE-426
7.8