CVE-2020-36197

HIGH Year: 2020
CVSS v3 Score
8.8
High
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4.

Related Vulnerabilities

CVE-2013-4246

HIGH
CVSS:8.8(High)

libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive in...

CWE-2842013

CVE-2014-4707

HIGH
CVSS:8.8(High)

Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00S...

CWE-2842014

CVE-2014-5279

HIGH
CVSS:8.8(High)

The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitra...

CWE-2842014

CVE-2014-9489

HIGH
CVSS:8.8(High)

The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote ...

CWE-2842014

CVE-2014-9827

HIGH
CVSS:8.8(High)

coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.

CWE-2842014

CVE-2014-9828

HIGH
CVSS:8.8(High)

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.

CWE-2842014