cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-45038,https://securityvulnerability.io/vulnerability/CVE-2023-45038,Music Station Vulnerability: Improper Authentication Exposes System Security via Network,"An improper authentication vulnerability has been identified in QNAP's Music Station software, potentially allowing attackers to exploit the system's network interfaces. This security flaw can enable unauthorized users to breach security measures and access sensitive system information. It is crucial that users upgrade to Music Station version 5.4.0 or later, which addresses this vulnerability effectively. Maintaining up-to-date software is essential for safeguarding systems against potential threats and ensuring the integrity of user data.",QNAP,Music Station,8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-09-06T16:26:59.319Z,0
CVE-2023-39299,https://securityvulnerability.io/vulnerability/CVE-2023-39299,Music Station,"A path traversal vulnerability has been identified in QNAP's Music Station, enabling unauthorized users to access sensitive files on the system. If exploited, this flaw could permit individuals to read unexpected files, potentially revealing confidential information over the network. QNAP has addressed this issue in Music Station versions 4.8.11, 5.1.16, and 5.3.23 or later.",QNAP,Music Station,7.5,HIGH,0.0014400000218302011,false,false,false,false,,false,false,2023-11-03T17:15:00.000Z,0
CVE-2023-23365,https://securityvulnerability.io/vulnerability/CVE-2023-23365,Music Station,"A path traversal vulnerability has been identified in QNAP's Music Station, allowing authenticated users to potentially access unexpected files. This issue could lead to the exposure of sensitive data over the network. QNAP has addressed this vulnerability in Music Station version 5.3.22 and later, making it imperative for users to update their software to safeguard their information.",QNAP,Music Station,7.7,HIGH,0.0006699999794363976,false,false,false,false,,false,false,2023-10-06T17:15:00.000Z,0
CVE-2023-23366,https://securityvulnerability.io/vulnerability/CVE-2023-23366,Music Station,"A path traversal vulnerability has been identified in Music Station that may allow authenticated users to access unauthorized files. This oversight could lead to the exposure of sensitive information over the network, posing a potential risk to data confidentiality. Users are encouraged to upgrade to version 5.3.22 or later to mitigate this risk.",QNAP,Music Station,7.7,HIGH,0.0006699999794363976,false,false,false,false,,false,false,2023-10-06T17:15:00.000Z,0
CVE-2020-36197,https://securityvulnerability.io/vulnerability/CVE-2020-36197,Improper Access Control Vulnerability in Music Station,"An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4.",QNAP,Music Station,7.1,HIGH,0.002730000065639615,false,false,false,false,,false,false,2021-05-13T00:00:00.000Z,0
CVE-2020-2494,https://securityvulnerability.io/vulnerability/CVE-2020-2494,Cross-site Scripting Vulnerability in Music Station,This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later,QNAP,Music Station,6.1,MEDIUM,0.0011500000255182385,false,false,false,false,,false,false,2020-12-07T00:00:00.000Z,0
CVE-2018-19951,https://securityvulnerability.io/vulnerability/CVE-2018-19951,,"If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.",QNAP,Music Station,6.1,MEDIUM,0.0011500000255182385,false,false,false,false,,false,false,2020-11-02T16:15:00.000Z,0
CVE-2018-19950,https://securityvulnerability.io/vulnerability/CVE-2018-19950,,"If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.",QNAP,Music Station,9.8,CRITICAL,0.0026000000070780516,false,false,false,false,,false,false,2020-11-02T16:15:00.000Z,0
CVE-2018-19952,https://securityvulnerability.io/vulnerability/CVE-2018-19952,,"If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.",QNAP,Music Station,7.5,HIGH,0.001120000029914081,false,false,false,false,,false,false,2020-11-02T16:15:00.000Z,0
CVE-2019-7185,https://securityvulnerability.io/vulnerability/CVE-2019-7185,,"This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.",Qnap,Qnap Nas Devices Running Music Station,4.8,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2019-12-05T16:48:20.000Z,0
CVE-2018-0718,https://securityvulnerability.io/vulnerability/CVE-2018-0718,,Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.,Qnap,Music Station,9.8,CRITICAL,0.0023799999617040157,false,false,false,false,,false,false,2018-09-14T00:00:00.000Z,0
CVE-2017-13069,https://securityvulnerability.io/vulnerability/CVE-2017-13069,,"QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.",Qnap,Music Station,9.8,CRITICAL,0.002630000002682209,false,false,false,false,,false,false,2017-10-06T18:00:00.000Z,0