QNAP Q'center Virtual Appliance - 7 CVEs, 2 Versions

CVE-2018-0723

Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724.

UNKNOWN Dec 26, 2018

CVE-2018-0724

Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723.

UNKNOWN Dec 26, 2018

CVE-2018-0706

Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.

UNKNOWN Jul 16, 2018

CVE-2018-0710

Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

UNKNOWN Jul 16, 2018

CVE-2018-0708

Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

UNKNOWN Jul 16, 2018

CVE-2018-0709

Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

UNKNOWN Jul 16, 2018

CVE-2018-0707

Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

UNKNOWN Jul 16, 2018

Q'center Virtual Appliance

Versions

Q'center Virtual Appliance 1.8.1014 and earlier versions

1.7.1063 and earlier

Recent CVEs

CVE-2018-0723

CVE-2018-0724

CVE-2018-0706

CVE-2018-0710

CVE-2018-0708

CVE-2018-0709

CVE-2018-0707