VYPR
Vendor

Qnap

Products
75
CVEs
486
Across products
758
Status
Private

Products

75
View all 75 products →

Recent CVEs

486
View all 486 CVEs →
  • CVE-2014-7169CriKEVSep 25, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…

  • CVE-2014-6271CriKEVSep 24, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…

  • CVE-2017-6360CriMar 23, 2017
    risk 0.72cvss 9.8epss 0.66

    QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.

  • CVE-2017-6361CriMar 23, 2017
    risk 0.71cvss 9.8epss 0.57

    QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.

  • CVE-2017-6359CriMar 23, 2017
    risk 0.69cvss 9.8epss 0.27

    QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.

  • CVE-2017-13067CriSep 14, 2017
    risk 0.68cvss 9.8epss 0.17

    QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a…

  • CVE-2017-7876CriJun 15, 2017
    risk 0.65cvss 10.0epss 0.03

    This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.

  • CVE-2025-66276CriJun 10, 2026
    risk 0.64cvss 9.8epss 0.00

    QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later

  • CVE-2026-44083CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.00

    An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later

  • CVE-2026-22898CriMar 20, 2026
    risk 0.64cvss 9.8epss 0.01

    A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system. We have already fixed the vulnerability in the following version: QVR Pro 2.7.4.14 and later

  • CVE-2018-0718CriSep 14, 2018
    risk 0.64cvss 9.8epss 0.02

    Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.

  • CVE-2018-0706HigJul 17, 2018
    risk 0.64cvss 8.8epss 0.49

    Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.

  • CVE-2018-0712CriJun 21, 2018
    risk 0.64cvss 9.8epss 0.03

    Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS.

  • CVE-2017-7640CriMar 8, 2018
    risk 0.64cvss 9.8epss 0.02

    QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges.

  • CVE-2017-17033CriDec 21, 2017
    risk 0.64cvss 9.8epss 0.04

    A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

  • CVE-2017-17032CriDec 21, 2017
    risk 0.64cvss 9.8epss 0.03

    A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

  • CVE-2017-17031CriDec 21, 2017
    risk 0.64cvss 9.8epss 0.03

    A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

  • CVE-2017-17030CriDec 21, 2017
    risk 0.64cvss 9.8epss 0.03

    A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

  • CVE-2017-17029CriDec 21, 2017
    risk 0.64cvss 9.8epss 0.03

    A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

  • CVE-2017-17028CriDec 21, 2017
    risk 0.64cvss 9.8epss 0.03

    A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.