Vulnerabilities > Qnap > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-08 CVE-2017-7641 Cross-Site Request Forgery (CSRF) vulnerability in Qnap Media Streaming Add-On
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections.
network
qnap CWE-352
6.8
6.8
2018-03-08 CVE-2017-7638 Improper Authentication vulnerability in Qnap Media Streaming Add-On
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly.
network
low complexity
qnap CWE-287
6.4
6.4
2018-03-08 CVE-2017-7634 Cross-site Scripting vulnerability in Qnap Media Streaming Add-On
Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML.
network
qnap CWE-79
4.3
4.3
2018-03-05 CVE-2017-7633 Information Exposure vulnerability in Qnap Qfinder PRO 6.1.0.0317
QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices.
network
low complexity
qnap CWE-200
5.0
5.0
2017-10-06 CVE-2017-13068 SQL Injection vulnerability in Qnap QTS Helpdesk
QNAP has already patched this vulnerability.
network
low complexity
qnap CWE-89
5.0
5.0
2017-06-15 CVE-2017-7629 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Qnap QTS
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
network
low complexity
qnap CWE-640
5.0
5.0
2017-03-23 CVE-2017-5227 Information Exposure vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
network
low complexity
qnap CWE-200
5.0
5.0
2016-07-03 CVE-2015-5664 Cross-site Scripting vulnerability in Qnap QTS
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
qnap CWE-79
4.3
4.3
2016-02-27 CVE-2015-6036 Unspecified vulnerability in Qnap Sinage Station 2.0.0
QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request.
network
low complexity
qnap
5.0
5.0
2014-06-09 CVE-2013-5760 Information Exposure vulnerability in Qnap Photo Station and Photo Station Firmware
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.
network
low complexity
qnap CWE-200
5.0
5.0