Vulnerabilities > Qnap > QTS > 4.3.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-28 | CVE-2018-14749 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. | 7.5 |
| 2018-11-28 | CVE-2018-14748 | Incorrect Authorization vulnerability in Qnap QTS Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. | 7.8 |
| 2018-11-28 | CVE-2018-14747 | NULL Pointer Dereference vulnerability in Qnap QTS NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. | 5.0 |
| 2018-11-28 | CVE-2018-14746 | Command Injection vulnerability in Qnap QTS Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. | 10.0 |
| 2018-11-27 | CVE-2018-0721 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS 4.2.6/4.3.3/4.3.4 Buffer Overflow vulnerability in NAS devices. | 10.0 |
| 2018-11-27 | CVE-2018-0719 | Cross-site Scripting vulnerability in Qnap QTS 4.2.6/4.3.3/4.3.4 Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. | 4.3 |
| 2018-09-14 | CVE-2018-0718 | Command Injection vulnerability in Qnap Music Station Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. | 7.5 |
| 2018-08-13 | CVE-2018-0714 | Command Injection vulnerability in Qnap Helpdesk Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. | 7.5 |
| 2018-06-21 | CVE-2018-0712 | Command Injection vulnerability in Qnap QTS Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS. | 7.5 |
| 2018-06-21 | CVE-2017-13072 | Cross-site Scripting vulnerability in Qnap QTS 4.2.6/4.3.3/4.3.4 Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. | 4.3 |