) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:qnap:video_station:5.3.15:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-50360 |
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.1 ( 2024/02/26 ) and later Published: September 06, 2024; 1:15:12 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-47563 |
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later Published: September 06, 2024; 1:15:12 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-34977 |
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later Published: October 13, 2023; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2023-34976 |
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later Published: October 13, 2023; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-34975 |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud c5.1.x is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later Published: October 13, 2023; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2021-28812 |
A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3. Published: June 02, 2021; 11:15:08 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-7184 |
This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. Published: December 05, 2019; 12:15:12 PM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |