FAIL › dossier
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2022-05-24 | CVE-2018-19949 | critical | ⚡RCE ⌖KEV | 95 | A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands. |
| 2022-09-08 | CVE-2022-27593 | critical | ⌖KEV | 80 | Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign. |
| 2022-06-08 | CVE-2019-7194 | critical | ⌖KEV | 80 | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. |
| 2022-06-08 | CVE-2019-7195 | critical | ⌖KEV | 80 | QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. |
| 2022-06-08 | CVE-2019-7193 | critical | ⌖KEV | 80 | QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. |
| 2022-06-08 | CVE-2019-7192 | critical | ⌖KEV | 80 | QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system. |
| 2022-05-24 | CVE-2018-19953 | critical | ⌖KEV | 80 | A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. |
| 2022-05-24 | CVE-2018-19943 | critical | ⌖KEV | 80 | A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. |
| 2022-03-31 | CVE-2021-28799 | critical | ⌖KEV | 80 | QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device. |
| 2023-12-21 | CVE-2023-47565 | high | ⚡RCE ⌖KEV | 65 | QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network. |
| 2022-04-11 | CVE-2020-2509 | high | ⚡RCE ⌖KEV | 65 | QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution. |
| 2022-03-25 | CVE-2020-2506 | high | ⌖KEV | 50 | QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information. |