CVE-2018-0718
published 2018-09-14CVE-2018-0718: Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands…
PriorityP260critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
1.68%
74.1th percentile
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | music_station | <= 5.1.2 | — |
| qnap | music_station | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
libxmltok vulnerabilities
osv·2025-01-13·CVSS 6.8
CVE-2015-1283 libxmltok vulnerabilities
libxmltok vulnerabilities
It was discovered that Expat, contained within the xmltok library,
incorrectly handled malformed XML data. If a user or application were
tricked into opening a crafted XML file, an attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2019-15903)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled XML data containing a large number of colons, which
could lead to excessive resource consumption. If a user or application
were tricked into opening a crafted XML file, an attacker could possibly
use this issue to cause a denial of service. (CVE-2018-20843)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled certain input, whi
OSV
libxmltok vulnerabilities
osv·2022-07-19·CVSS 5.0
CVE-2012-1148 libxmltok vulnerabilities
libxmltok vulnerabilities
Tim Boddy, Gustavo Grieco and others discovered that Expat, that is
integrated in xmltok library, incorrectly handled certain files.
An attacker could possibly use these issues to cause a denial of
service, or possibly execute arbitrary code. These issues were only
addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903,
CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
It was discovered that Expat, that is integrated in xmltok library,
incorrectly handled encoding validation of certain files. An attacker
could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code. (CVE-2022-25235)
It was discovered
GHSA
GHSA-gw52-pwgm-mrx7: Command injection vulnerability in Music Station 5
ghsa_unreviewed·2022-05-13
CVE-2018-0718 [CRITICAL] CWE-77 GHSA-gw52-pwgm-mrx7: Command injection vulnerability in Music Station 5
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-09-14
Published