Vulnerabilities > Qnap

DATE CVE VULNERABILITY TITLE RISK
2022-05-26 CVE-2021-34360 Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server.
network
qnap CWE-352
6.8
2022-05-05 CVE-2021-38693 Path Traversal vulnerability in Qnap QTS and Qutscloud
A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance.
network
low complexity
qnap CWE-22
5.0
2022-05-05 CVE-2021-44051 Command Injection vulnerability in Qnap QTS and Quts Hero
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS.
network
low complexity
qnap CWE-77
6.5
2022-05-05 CVE-2021-44052 Link Following vulnerability in Qnap QTS and Quts Hero
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS.
network
low complexity
qnap CWE-59
5.5
2022-05-05 CVE-2021-44053 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud.
network
qnap CWE-79
4.3
2022-05-05 CVE-2021-44054 Open Redirect vulnerability in Qnap QTS and Quts Hero
An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS.
network
qnap CWE-601
5.8
2022-05-05 CVE-2021-44055 Missing Authorization vulnerability in Qnap Video Station
An missing authorization vulnerability has been reported to affect QNAP device running Video Station.
network
low complexity
qnap CWE-862
7.5
2022-05-05 CVE-2021-44056 Improper Authentication vulnerability in Qnap Video Station
An improper authentication vulnerability has been reported to affect QNAP device running Video Station.
network
low complexity
qnap CWE-287
critical
10.0
2022-05-05 CVE-2021-44057 Improper Authentication vulnerability in Qnap Photo Station
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station.
network
low complexity
qnap CWE-287
critical
10.0
2022-05-05 CVE-2022-27588 Command Injection vulnerability in Qnap QVR
We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later
network
low complexity
qnap CWE-77
7.5