QNAP QSA-24-20 : License Center - Authenticated remote code execution - CVE-2024-21903
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%221015%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22950%22%3ECVE-2024-21903%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
QSA-24-20 - The vulnerability CVE-2024-21903 allows an authenticated administrator or delegated user to execute arbitrary commands
QSA-24-20 - The vulnerability CVE-2024-21903 allows an authenticated administrator or delegated user to execute arbitrary commands
QNAP QSA-24-25 : Music Station - Unauthenticated file read and authentication bypass - CVE-2023-45038
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%221015%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22950%22%3ECVE-2023-45038%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
QSA-24-25 - The vulnerability CVE-2023-45038 allows an unauthenticated attacker to bypass the authentication and read arbitrary files as root
QNAP QSA-22-14 : VideoStation - Multiple Vulnerabilities
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%221015%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22950%22%3ECVE-2021-44055%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%221015%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22950%22%3ECVE-2021-44056%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
The first vulnerably allows an unauthenticated attacker to leak video filename and id. The second vulnerability allows an authenticated user without access to the VideoStation application to bypass application privileges checking
QNAP QSA-22-15 : PhotoStation - Application Privileges Checking Bypass
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%221015%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22950%22%3ECVE-2021-44057%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
This vulnerability allows an authenticated user without access to the PhotoStation application to bypass application privileges checking
QNAP QSA-21-25 : Helpdesk - A simple user without privileges can gain administrative access on the NAS
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%221015%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22950%22%3ECVE-2021-28814%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
This vulnerability allows a simple user to enable SSH access to the NAS and get the password of the _qnap_support account. This account is sudoers on the device.
Synology SA-20:25 : SafeAccess - Multiple Vulnerabilities
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%221015%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22950%22%3ECVE-2020-27659%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%221015%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22950%22%3ECVE-2020-27660%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
%22%20fill=%22%23fff%22%20textLength=%22510%22%3ESynology%3C/text%3E%3Ctext%20x=%221085%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22530%22%3ESA-20:25%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
Multiple Stored XSS and SQLite Injection vulnerabilities in the Safe Access (1.2.1-0220) package.
CVE-2020-25867 : SoPlanning Sharing Key Bypass
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%221015%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22950%22%3ECVE-2020-25867%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
A PHP type Juggling attack that allows an unauthenticated attacker to access the content of the calendar without knowing the sharing key
Synology SA-18-15 : Photo Station - Privilege Escalation and CRLF
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%22985%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22890%22%3ECVE-2018-8925%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%22985%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22890%22%3ECVE-2018-8926%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
%22%20fill=%22%23fff%22%20textLength=%22510%22%3ESynology%3C/text%3E%3Ctext%20x=%221085%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22530%22%3ESA-18:15%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
Multiple vulnerabilities allow remote attackers to hijack the authentication of administrators or to conduct privilege escalation attacks via a susceptible version of Photo Station.
Synology SA-17:17 : Surveillance Station - Path Traversal
%22%20fill=%22%23fff%22%20textLength=%22230%22%3ECVE%3C/text%3E%3Ctext%20x=%221015%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22950%22%3ECVE-2017-16770%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
%22%20fill=%22%23fff%22%20textLength=%22510%22%3ESynology%3C/text%3E%3Ctext%20x=%221085%22%20y=%22140%22%20transform=%22scale(.1)%22%20fill=%22%23fff%22%20textLength=%22530%22%3ESA-17:77%3C/text%3E%3C/g%3E%3C/svg%3E){kind=small}
A Path Traversal vulnerability allowing an authenticated user with access to Surveillance Station service can access pictures on the whole system