Vulnerabilities > Qnap > QTS > 4.3.3.2644
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-10 | CVE-2018-19957 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Qnap Qts, Quts Hero and Qutscloud A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. | 6.1 |
| 2021-07-01 | CVE-2020-36194 | Cross-site Scripting vulnerability in Qnap QTS and Quts Hero An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. | 6.1 |
| 2021-07-01 | CVE-2021-28802 | Unspecified vulnerability in Qnap QTS and Quts Hero A command injection vulnerabilities have been reported to affect QTS and QuTS hero. | 9.8 |
| 2021-07-01 | CVE-2021-28804 | Unspecified vulnerability in Qnap QTS and Quts Hero A command injection vulnerabilities have been reported to affect QTS and QuTS hero. | 9.8 |
| 2021-06-03 | CVE-2021-28806 | Unspecified vulnerability in Qnap QTS A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. | 5.4 |
| 2021-01-11 | CVE-2020-2508 | Command Injection vulnerability in Qnap QTS A command injection vulnerability has been reported to affect QTS and QuTS hero. | 7.2 |
| 2020-12-31 | CVE-2018-19944 | Cleartext Transmission of Sensitive Information vulnerability in Qnap QTS A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. | 7.5 |
| 2020-12-31 | CVE-2018-19941 | Cleartext Storage of Sensitive Information vulnerability in Qnap QTS A vulnerability has been reported to affect QNAP NAS. | 7.5 |
| 2020-12-29 | CVE-2020-25847 | Command Injection vulnerability in Qnap QTS and Quts Hero This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. | 8.8 |
| 2020-12-10 | CVE-2020-2498 | Cross-site Scripting vulnerability in Qnap QTS and Quts Hero If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. | 6.1 |