Vulnerabilities > Qnap > QTS > 4.3.5

DATE CVE VULNERABILITY TITLE RISK
2020-12-10 CVE-2019-7198 Command Injection vulnerability in Qnap QTS and Quts Hero
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2020-11-16 CVE-2020-2492 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
7.2
7.2
2020-11-16 CVE-2020-2490 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
7.2
7.2
2018-11-30 CVE-2018-0716 Cross-site Scripting vulnerability in Qnap QTS
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application.
network
low complexity
qnap CWE-79
6.1
6.1
2018-11-28 CVE-2018-14749 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS.
network
low complexity
qnap CWE-119
critical
 9.8
9.8
2018-11-28 CVE-2018-14748 Incorrect Authorization vulnerability in Qnap QTS
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS.
network
low complexity
qnap CWE-863
7.5
7.5
2018-11-28 CVE-2018-14747 NULL Pointer Dereference vulnerability in Qnap QTS
NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.
network
low complexity
qnap CWE-476
7.5
7.5
2018-11-28 CVE-2018-14746 Command Injection vulnerability in Qnap QTS
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.
network
low complexity
qnap CWE-77
critical
 9.8
9.8