Vulnerabilities > Qnap > QTS > 4.3.4

DATE CVE VULNERABILITY TITLE RISK
2021-09-10 CVE-2018-19957 Improper Restriction of Rendered UI Layers or Frames vulnerability in Qnap QTS
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud.
network
qnap CWE-1021
4.3
4.3
2021-09-10 CVE-2021-28816 Out-of-bounds Write vulnerability in Qnap QTS
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero.
network
low complexity
qnap CWE-787
6.5
6.5
2021-09-10 CVE-2021-34343 Out-of-bounds Write vulnerability in Qnap QTS
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero.
network
low complexity
qnap CWE-787
6.5
6.5
2021-07-01 CVE-2020-36194 Cross-site Scripting vulnerability in Qnap QTS
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero.
network
qnap CWE-79
4.3
4.3
2021-07-01 CVE-2021-28802 OS Command Injection vulnerability in Qnap QTS
A command injection vulnerabilities have been reported to affect QTS and QuTS hero.
network
low complexity
qnap CWE-78
7.5
7.5
2021-07-01 CVE-2021-28804 OS Command Injection vulnerability in Qnap QTS
A command injection vulnerabilities have been reported to affect QTS and QuTS hero.
network
low complexity
qnap CWE-78
7.5
7.5
2021-06-24 CVE-2021-28800 OS Command Injection vulnerability in Qnap QTS
A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS.
network
low complexity
qnap CWE-78
7.5
7.5
2021-06-03 CVE-2021-28806 Cross-site Scripting vulnerability in Qnap QTS
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero.
network
qnap CWE-79
3.5
3.5
2021-04-17 CVE-2020-36195 SQL Injection vulnerability in Qnap QTS
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on.
network
low complexity
qnap CWE-89
7.5
7.5
2021-04-16 CVE-2018-19942 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station.
network
qnap CWE-79
4.3
4.3