Vulnerabilities > Qnap > QTS > 4.3.4

DATE CVE VULNERABILITY TITLE RISK
2020-11-16 CVE-2020-2492 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
6.5
6.5
2020-11-16 CVE-2020-2490 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
6.5
6.5
2020-11-02 CVE-2018-19952 SQL Injection vulnerability in Qnap Music Station
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information.
network
low complexity
qnap CWE-89
5.0
5.0
2020-10-28 CVE-2018-19953 Cross-site Scripting vulnerability in Qnap QTS
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.
network
qnap CWE-79
4.3
4.3
2020-10-28 CVE-2018-19949 Command Injection vulnerability in Qnap QTS
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.
network
low complexity
qnap CWE-77
7.5
7.5
2020-10-28 CVE-2018-19943 Cross-site Scripting vulnerability in Qnap QTS
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code.
network
qnap CWE-79
3.5
3.5
2019-12-04 CVE-2019-7197 Cross-site Scripting vulnerability in Qnap QTS
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS.
network
qnap CWE-79
3.5
3.5
2019-12-04 CVE-2018-0729 Command Injection vulnerability in Qnap Music Station
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device.
network
low complexity
qnap CWE-77
7.5
7.5
2019-02-01 CVE-2018-0722 Path Traversal vulnerability in Qnap Photo Station
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.
network
low complexity
qnap CWE-22
5.0
5.0
2018-11-30 CVE-2018-0716 Cross-site Scripting vulnerability in Qnap QTS
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application.
network
qnap CWE-79
4.3
4.3