Vulnerabilities > Qnap

DATE	CVE	VULNERABILITY TITLE	RISK
2019-02-01	CVE-2018-0722	Path Traversal vulnerability in Qnap Photo Station Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. network low complexity qnap CWE-22	7.5
2018-12-26	CVE-2018-0724	Cross-site Scripting vulnerability in Qnap Q'Center Virtual Appliance 1.8.1014 Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723. network low complexity qnap CWE-79	6.1
2018-12-26	CVE-2018-0723	Cross-site Scripting vulnerability in Qnap Q'Center Virtual Appliance 1.8.1014 Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724. network low complexity qnap CWE-79	6.1
2018-11-30	CVE-2018-0716	Cross-site Scripting vulnerability in Qnap QTS Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application. network low complexity qnap CWE-79	6.1
2018-11-28	CVE-2018-14749	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. network low complexity qnap CWE-119 critical	9.8
2018-11-28	CVE-2018-14748	Incorrect Authorization vulnerability in Qnap QTS Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. network low complexity qnap CWE-863	7.5
2018-11-28	CVE-2018-14747	NULL Pointer Dereference vulnerability in Qnap QTS NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. network low complexity qnap CWE-476	7.5
2018-11-28	CVE-2018-14746	Command Injection vulnerability in Qnap QTS Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. network low complexity qnap CWE-77 critical	9.8
2018-09-14	CVE-2018-0718	Command Injection vulnerability in Qnap Music Station Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. network low complexity qnap CWE-77 critical	9.8
2018-08-27	CVE-2018-0715	Cross-site Scripting vulnerability in Qnap Photo Station Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application. network low complexity qnap CWE-79	6.1

Vulnerabilities > Qnap {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Qnap"}]}

Vulnerabilities > Qnap