Firmware & Software

Stack Buffer Overflow in Surveillance Station

17. Februar 2021
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploite ... More
Heap-Based Buffer Overflow in Sudo (Baron Samedit)

28. Januar 2021
The Qualys research team has reported a heap-based buffer overflow vulnerability in sudo, an important utility for Unix-like and L ... More
Cleartext Storage of Sensitive Information in Cookies

30. Dezember 2020
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive info ... More
Cleartext Transmission of Sensitive Information in SNMP

30. Dezember 2020
A vulnerability has been reported to affect QNAP devices. If exploited, this vulnerability allows a remote attacker to gain access ... More
Improper Limitation of a Pathname to a Restricted Directory in QTS

30. Dezember 2020
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a p ... More
Hard-coded Password Vulnerability in QES

23. Dezember 2020
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could al ... More
Command Injection Vulnerability in QES

23. Dezember 2020
A command injection vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allo ... More
Multiple Vulnerabilities in QES

23. Dezember 2020
Three vulnerabilities have been reported to affect earlier versions of QES. CVE-2020-2503: If exploited, this stored cross-site ... More
Command Injection Vulnerability in QTS and QuTS hero

7. Dezember 2020
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already ... More
Cross-site Scripting Vulnerability in Photo Station

7. Dezember 2020
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. We have already f ... More
Cross-site Scripting Vulnerability in Multimedia Console

7. Dezember 2020
This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. We have already f ... More
Cross-site Scripting Vulnerability in Music Station

7. Dezember 2020
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. We have already fixed ... More
Multiple Vulnerabilities in QTS and QuTS hero

7. Dezember 2020
Four vulnerabilities have been reported to affect earlier versions of QTS and QuTS hero. CVE-2020-2495: If exploited, this cross ... More
Multiple Vulnerabilities in Photo Station

30. Oktober 2020
Three cross-site scripting vulnerabilities (CVE-2018-19954, CVE-2018-19955, CVE-2018-19956) have been reported to affect earlier v ... More
Multiple Vulnerabilities in Music Station

30. Oktober 2020
Three vulnerabilities have been reported to affect earlier versions of Music Station. CVE-2018-19950: If exploited, this command ... More
Multiple Vulnerabilities in QTS

28. Oktober 2020
Two vulnerabilities have been reported to affect earlier versions of QTS. CVE-2020-2490 ＆ CVE-2020-2492: If exploited, these two ... More
Zerologon

19. Oktober 2020

+1
The Zerologon vulnerability has been reported to affect some versions of QTS. If exploited, this elevation of privilege vulnerabil ... More
AgeLocker Ransomware

25. September 2020
The AgeLocker Ransomware has been reported to target QNAP NAS, Linux, and macOS devices. This new ransomware attempts to encrypt t ... More
AgeLocker Ransomware (MR1907)

25. September 2020
The AgeLocker Ransomware (MR1907) has been reported to target QNAP NAS, Linux, and macOS devices. This new ransomware attempts to ... More
Multiple Vulnerabilities in Helpdesk

9. September 2020
Three vulnerabilities have been reported to affect earlier versions of Helpdesk. CVE-2018-19946: If exploited, this improper cer ... More

Stack Buffer Overflow in Surveillance Station

Heap-Based Buffer Overflow in Sudo (Baron Samedit)

Cleartext Storage of Sensitive Information in Cookies

Cleartext Transmission of Sensitive Information in SNMP

Improper Limitation of a Pathname to a Restricted Directory in QTS

Hard-coded Password Vulnerability in QES

Command Injection Vulnerability in QES

Multiple Vulnerabilities in QES

Command Injection Vulnerability in QTS and QuTS hero

Cross-site Scripting Vulnerability in Photo Station

Cross-site Scripting Vulnerability in Multimedia Console

Cross-site Scripting Vulnerability in Music Station

Multiple Vulnerabilities in QTS and QuTS hero

Multiple Vulnerabilities in Photo Station

Multiple Vulnerabilities in Music Station

Multiple Vulnerabilities in QTS

Zerologon

AgeLocker Ransomware

AgeLocker Ransomware (MR1907)

Multiple Vulnerabilities in Helpdesk