Qnap Systems Inc Music Station vulnerabilities

CVE-2023-45038 [HIGH] CWE-287 CVE-2023-45038: An improper authentication vulnerability has been reported to affect Music Station. If exploited, th An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later

CVE-2023-39299 [HIGH] CWE-22 CVE-2023-39299: A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerab A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.

CVE-2023-23366 [MEDIUM] CWE-22 CVE-2023-23366: A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerab A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later

CVE-2023-23365 [MEDIUM] CWE-22 CVE-2023-23365: A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerab A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later

CVE-2020-36197 [HIGH] CWE-284 CVE-2020-36197: An improper access control vulnerability has been reported to affect earlier versions of Music Stati An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versio

CVE-2020-2494 [MEDIUM] CWE-79 CVE-2020-2494: This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later

CVE-2018-19950 [CRITICAL] CWE-77 CVE-2018-19950: If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.

CVE-2018-19952 [HIGH] CWE-20 CVE-2018-19952: If exploited, this SQL injection vulnerability could allow remote attackers to obtain application in If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.

CVE-2018-19951 [MEDIUM] CWE-79 CVE-2018-19951: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicio If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.