Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
QNAP Systems Inc.

Helpdesk

2 Versions 8 CVEs

Versions

3.3.x

OTHER 1 CVE

unspecified

OTHER 7 CVEs

Recent CVEs

CVE-2024-27125

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later

LOW Sep 06, 2024

CVE-2021-28814

An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.4.

HIGH Jun 11, 2021

CVE-2020-2506

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

HIGH Feb 03, 2021

CVE-2020-2507

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

CRITICAL Feb 03, 2021

CVE-2018-19946

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

MEDIUM Sep 11, 2020

CVE-2018-19947

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this information exposure vulnerability could disclose sensitive information. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

MEDIUM Sep 11, 2020

CVE-2018-19948

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

LOW Sep 11, 2020

CVE-2020-2500

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.

CRITICAL Jul 01, 2020