Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for Q'center Virtual Appliance by QNAP

    VAR-201812-0417

    Vulnerability from variot - Updated: 2024-11-23 22:58

    Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724. This vulnerability CVE-2018-0724 Is a different vulnerability.Information may be obtained and information may be altered. QNAPQ'centerVirtualAppliance is a virtual device used by QNAP Systems to deploy Q'center (QNAPNAS management platform) in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0417",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "q\\\u0027center virtual appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "1.8.1014"
          },
          {
            "model": "q\u0027center virtual appliance",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "1.8.1014"
          },
          {
            "model": "q\u0027center virtual appliance",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "qnap",
            "version": "\u003c=1.8.1014"
          },
          {
            "model": "q\\\u0027center virtual appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "qnap",
            "version": "1.8.1014"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1149"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0723"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:qnap:q%27center_virtual_appliance",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          }
        ]
      },
      "cve": "CVE-2018-0723",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-0723",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-03341",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-0723",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-0723",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-0723",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-03341",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-1149",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1149"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0723"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in Q\u0027center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724. This vulnerability CVE-2018-0724 Is a different vulnerability.Information may be obtained and information may be altered. QNAPQ\u0027centerVirtualAppliance is a virtual device used by QNAP Systems to deploy Q\u0027center (QNAPNAS management platform) in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-0723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-0723",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-03341",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1149",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1149"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0723"
          }
        ]
      },
      "id": "VAR-201812-0417",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          }
        ],
        "trust": 1.01666666
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:58:48.638000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "NAS-201812-26",
            "trust": 0.8,
            "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
          },
          {
            "title": "Patch for Q\u0027centerVirtualAppliance Cross-Site Scripting Vulnerability (CNVD-2019-03341)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/152239"
          },
          {
            "title": "QNAP Q\u0027center Virtual Appliance Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88192"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1149"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0723"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0723"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0723"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1149"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0723"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1149"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0723"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          },
          {
            "date": "2019-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          },
          {
            "date": "2018-12-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-1149"
          },
          {
            "date": "2018-12-26T16:29:00.267000",
            "db": "NVD",
            "id": "CVE-2018-0723"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-03341"
          },
          {
            "date": "2019-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          },
          {
            "date": "2018-12-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-1149"
          },
          {
            "date": "2024-11-21T03:38:48.967000",
            "db": "NVD",
            "id": "CVE-2018-0723"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1149"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Q\u0027center Virtual Appliance Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013120"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1149"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-0418

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723. This vulnerability CVE-2018-0723 Is a different vulnerability.Information may be obtained and information may be altered

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0418",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "q\\\u0027center virtual appliance",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "qnap",
            "version": "1.8.1014"
          },
          {
            "model": "q\u0027center virtual appliance",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "qnap",
            "version": "1.8.1014"
          },
          {
            "model": "q\\\u0027center virtual appliance",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "qnap",
            "version": "1.8.1014"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0724"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:qnap:q%27center_virtual_appliance",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          }
        ]
      },
      "cve": "CVE-2018-0724",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-0724",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-0724",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-0724",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-0724",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-1150",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0724"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in Q\u0027center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723. This vulnerability CVE-2018-0723 Is a different vulnerability.Information may be obtained and information may be altered",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-0724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-0724",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1150",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0724"
          }
        ]
      },
      "id": "VAR-201812-0418",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.41666666
      },
      "last_update_date": "2024-11-23T22:00:10.702000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "NAS-201812-26",
            "trust": 0.8,
            "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
          },
          {
            "title": "QNAP Q\u0027center Virtual Appliance Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88193"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1150"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0724"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0724"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0724"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0724"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1150"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-0724"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          },
          {
            "date": "2018-12-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-1150"
          },
          {
            "date": "2018-12-26T16:29:00.313000",
            "db": "NVD",
            "id": "CVE-2018-0724"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          },
          {
            "date": "2018-12-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-1150"
          },
          {
            "date": "2024-11-21T03:38:49.093000",
            "db": "NVD",
            "id": "CVE-2018-0724"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1150"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Q\u0027center Virtual Appliance Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013121"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-1150"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2018-0724 (GCVE-0-2018-0724)

    Vulnerability from nvd – Published: 2018-12-26 16:00 – Updated: 2024-09-17 03:13
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: Q'center Virtual Appliance 1.8.1014 and earlier versions
    Create a notification for this product.
    Date Public
    2018-12-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "Q\u0027center Virtual Appliance 1.8.1014 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2018-12-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Q\u0027center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-26T15:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-12-26T00:00:00",
              "ID": "CVE-2018-0724",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Q\u0027center Virtual Appliance 1.8.1014 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Q\u0027center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0724",
        "datePublished": "2018-12-26T16:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:59.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0723 (GCVE-0-2018-0723)

    Vulnerability from nvd – Published: 2018-12-26 16:00 – Updated: 2024-09-16 17:43
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: Q'center Virtual Appliance 1.8.1014 and earlier versions
    Create a notification for this product.
    Date Public
    2018-12-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.290Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "Q\u0027center Virtual Appliance 1.8.1014 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2018-12-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Q\u0027center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-26T15:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-12-26T00:00:00",
              "ID": "CVE-2018-0723",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Q\u0027center Virtual Appliance 1.8.1014 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Q\u0027center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0723",
        "datePublished": "2018-12-26T16:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:43:13.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0710 (GCVE-0-2018-0710)

    Vulnerability from nvd – Published: 2018-07-16 15:00 – Updated: 2024-09-16 18:03
    VLAI
    Summary
    Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: 1.7.1063 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.065Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45015",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45015/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.1063 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in SSH of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "name": "45015",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-07-10T00:00:00",
              "ID": "CVE-2018-0710",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.1063 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability in SSH of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45015",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45015/"
                },
                {
                  "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
                },
                {
                  "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
                },
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0710",
        "datePublished": "2018-07-16T15:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:44.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0709 (GCVE-0-2018-0709)

    Vulnerability from nvd – Published: 2018-07-16 15:00 – Updated: 2024-09-17 01:57
    VLAI
    Summary
    Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: 1.7.1063 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45015",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45015/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.1063 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in date of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "name": "45015",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-07-10T00:00:00",
              "ID": "CVE-2018-0709",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.1063 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability in date of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45015",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45015/"
                },
                {
                  "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
                },
                {
                  "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
                },
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0709",
        "datePublished": "2018-07-16T15:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:57:01.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0708 (GCVE-0-2018-0708)

    Vulnerability from nvd – Published: 2018-07-16 15:00 – Updated: 2024-09-16 17:03
    VLAI
    Summary
    Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: 1.7.1063 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45015",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45015/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.1063 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in networking of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "name": "45015",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-07-10T00:00:00",
              "ID": "CVE-2018-0708",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.1063 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability in networking of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45015",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45015/"
                },
                {
                  "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
                },
                {
                  "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
                },
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0708",
        "datePublished": "2018-07-16T15:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:03:30.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0707 (GCVE-0-2018-0707)

    Vulnerability from nvd – Published: 2018-07-16 15:00 – Updated: 2024-09-16 17:22
    VLAI
    Summary
    Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: 1.7.1063 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45015",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45015/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
              },
              {
                "name": "45043",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45043/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.1063 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in change password of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "name": "45015",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "name": "45043",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45043/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-07-10T00:00:00",
              "ID": "CVE-2018-0707",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.1063 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability in change password of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45015",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45015/"
                },
                {
                  "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
                },
                {
                  "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
                },
                {
                  "name": "45043",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45043/"
                },
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0707",
        "datePublished": "2018-07-16T15:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:22:44.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0706 (GCVE-0-2018-0706)

    Vulnerability from nvd – Published: 2018-07-16 15:00 – Updated: 2024-09-17 02:20
    VLAI
    Summary
    Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
    Severity
    No CVSS data available.
    CWE
    • Exposure of Private Information
    Assigner
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: 1.7.1063 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45015",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45015/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
              },
              {
                "name": "45043",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45043/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.1063 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of Private Information in QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exposure of Private Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "name": "45015",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "name": "45043",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45043/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-07-10T00:00:00",
              "ID": "CVE-2018-0706",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.1063 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Exposure of Private Information in QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Exposure of Private Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45015",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45015/"
                },
                {
                  "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
                },
                {
                  "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
                },
                {
                  "name": "45043",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45043/"
                },
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0706",
        "datePublished": "2018-07-16T15:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:20:57.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0724 (GCVE-0-2018-0724)

    Vulnerability from cvelistv5 – Published: 2018-12-26 16:00 – Updated: 2024-09-17 03:13
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: Q'center Virtual Appliance 1.8.1014 and earlier versions
    Create a notification for this product.
    Date Public
    2018-12-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "Q\u0027center Virtual Appliance 1.8.1014 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2018-12-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Q\u0027center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-26T15:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-12-26T00:00:00",
              "ID": "CVE-2018-0724",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Q\u0027center Virtual Appliance 1.8.1014 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Q\u0027center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0724",
        "datePublished": "2018-12-26T16:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:59.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0723 (GCVE-0-2018-0723)

    Vulnerability from cvelistv5 – Published: 2018-12-26 16:00 – Updated: 2024-09-16 17:43
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: Q'center Virtual Appliance 1.8.1014 and earlier versions
    Create a notification for this product.
    Date Public
    2018-12-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.290Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "Q\u0027center Virtual Appliance 1.8.1014 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2018-12-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Q\u0027center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-26T15:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-12-26T00:00:00",
              "ID": "CVE-2018-0723",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Q\u0027center Virtual Appliance 1.8.1014 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Q\u0027center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201812-26"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0723",
        "datePublished": "2018-12-26T16:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:43:13.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0710 (GCVE-0-2018-0710)

    Vulnerability from cvelistv5 – Published: 2018-07-16 15:00 – Updated: 2024-09-16 18:03
    VLAI
    Summary
    Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: 1.7.1063 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.065Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45015",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45015/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.1063 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in SSH of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "name": "45015",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-07-10T00:00:00",
              "ID": "CVE-2018-0710",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.1063 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability in SSH of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45015",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45015/"
                },
                {
                  "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
                },
                {
                  "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
                },
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0710",
        "datePublished": "2018-07-16T15:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:44.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0708 (GCVE-0-2018-0708)

    Vulnerability from cvelistv5 – Published: 2018-07-16 15:00 – Updated: 2024-09-16 17:03
    VLAI
    Summary
    Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: 1.7.1063 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45015",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45015/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.1063 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in networking of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "name": "45015",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-07-10T00:00:00",
              "ID": "CVE-2018-0708",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.1063 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability in networking of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45015",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45015/"
                },
                {
                  "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
                },
                {
                  "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
                },
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0708",
        "datePublished": "2018-07-16T15:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:03:30.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0706 (GCVE-0-2018-0706)

    Vulnerability from cvelistv5 – Published: 2018-07-16 15:00 – Updated: 2024-09-17 02:20
    VLAI
    Summary
    Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
    Severity
    No CVSS data available.
    CWE
    • Exposure of Private Information
    Assigner
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: 1.7.1063 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45015",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45015/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
              },
              {
                "name": "45043",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45043/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.1063 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of Private Information in QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Exposure of Private Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "name": "45015",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "name": "45043",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45043/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-07-10T00:00:00",
              "ID": "CVE-2018-0706",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.1063 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Exposure of Private Information in QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Exposure of Private Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45015",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45015/"
                },
                {
                  "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
                },
                {
                  "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
                },
                {
                  "name": "45043",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45043/"
                },
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0706",
        "datePublished": "2018-07-16T15:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:20:57.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0707 (GCVE-0-2018-0707)

    Vulnerability from cvelistv5 – Published: 2018-07-16 15:00 – Updated: 2024-09-16 17:22
    VLAI
    Summary
    Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: 1.7.1063 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45015",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45015/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
              },
              {
                "name": "45043",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45043/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.1063 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in change password of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "name": "45015",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "name": "45043",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45043/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-07-10T00:00:00",
              "ID": "CVE-2018-0707",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.1063 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability in change password of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45015",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45015/"
                },
                {
                  "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
                },
                {
                  "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
                },
                {
                  "name": "45043",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45043/"
                },
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0707",
        "datePublished": "2018-07-16T15:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:22:44.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0709 (GCVE-0-2018-0709)

    Vulnerability from cvelistv5 – Published: 2018-07-16 15:00 – Updated: 2024-09-17 01:57
    VLAI
    Summary
    Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
    Severity
    No CVSS data available.
    CWE
    • Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    QNAP Q'center Virtual Appliance Affected: 1.7.1063 and earlier
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45015",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45015/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
              },
              {
                "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Q\u0027center Virtual Appliance",
              "vendor": "QNAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.7.1063 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in date of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-27T09:57:01.000Z",
            "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
            "shortName": "qnap"
          },
          "references": [
            {
              "name": "45015",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45015/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
            },
            {
              "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@qnap.com",
              "DATE_PUBLIC": "2018-07-10T00:00:00",
              "ID": "CVE-2018-0709",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Q\u0027center Virtual Appliance",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.7.1063 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "QNAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Command injection vulnerability in date of QNAP Q\u0027center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45015",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45015/"
                },
                {
                  "name": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Jul/45"
                },
                {
                  "name": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html"
                },
                {
                  "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10",
                  "refsource": "CONFIRM",
                  "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201807-10"
                },
                {
                  "name": "20180711 [CORE-2018-0006] - QNAP Qcenter Virtual Appliance Multiple Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://www.securityfocus.com/archive/1/542141/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "assignerShortName": "qnap",
        "cveId": "CVE-2018-0709",
        "datePublished": "2018-07-16T15:00:00.000Z",
        "dateReserved": "2017-11-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:57:01.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }