Vulnerabilities > Qnap > QTS > 4.3.6.1263

DATE CVE VULNERABILITY TITLE RISK
2020-12-31 CVE-2018-19941 Cleartext Storage of Sensitive Information vulnerability in Qnap QTS
A vulnerability has been reported to affect QNAP NAS.
network
low complexity
qnap CWE-312
7.5
7.5
2020-12-29 CVE-2020-25847 Command Injection vulnerability in Qnap QTS and Quts Hero
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
network
low complexity
qnap CWE-77
8.8
8.8
2020-12-10 CVE-2020-2498 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration.
network
low complexity
qnap CWE-79
6.1
6.1
2020-12-10 CVE-2020-2497 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs.
network
low complexity
qnap CWE-79
6.1
6.1
2020-12-10 CVE-2020-2496 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.
network
low complexity
qnap CWE-79
6.1
6.1
2020-12-10 CVE-2020-2495 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.
network
low complexity
qnap CWE-79
6.1
6.1
2020-12-10 CVE-2019-7198 Command Injection vulnerability in Qnap QTS and Quts Hero
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2020-11-16 CVE-2020-2492 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
7.2
7.2
2020-11-16 CVE-2020-2490 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
7.2
7.2