Vulnerabilities > Qnap > QTS > 4.3.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-16 | CVE-2020-2492 | Command Injection vulnerability in Qnap QTS If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. | 6.5 |
2020-11-16 | CVE-2020-2490 | Command Injection vulnerability in Qnap QTS If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. | 6.5 |
2020-11-02 | CVE-2018-19952 | SQL Injection vulnerability in Qnap Music Station If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. | 5.0 |
2020-10-28 | CVE-2018-19953 | Cross-site Scripting vulnerability in Qnap QTS If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. | 4.3 |
2020-10-28 | CVE-2018-19949 | Command Injection vulnerability in Qnap QTS If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. | 7.5 |
2020-10-28 | CVE-2018-19943 | Cross-site Scripting vulnerability in Qnap QTS If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. | 3.5 |
2019-12-04 | CVE-2019-7197 | Cross-site Scripting vulnerability in Qnap QTS A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. | 3.5 |
2019-12-04 | CVE-2018-0729 | Command Injection vulnerability in Qnap Music Station This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. | 7.5 |
2019-02-01 | CVE-2018-0722 | Path Traversal vulnerability in Qnap Photo Station Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. | 5.0 |
2018-11-30 | CVE-2018-0716 | Cross-site Scripting vulnerability in Qnap QTS Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application. | 4.3 |