Vulnerabilities > Qnap > QTS > 4.4.0

DATE CVE VULNERABILITY TITLE RISK
2021-09-10 CVE-2021-28816 Out-of-bounds Write vulnerability in Qnap QTS
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero.
network
low complexity
qnap CWE-787
6.5
6.5
2021-09-10 CVE-2021-34343 Out-of-bounds Write vulnerability in Qnap QTS
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero.
network
low complexity
qnap CWE-787
6.5
6.5
2021-07-01 CVE-2020-36194 Cross-site Scripting vulnerability in Qnap QTS
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero.
network
qnap CWE-79
4.3
4.3
2021-07-01 CVE-2021-28802 OS Command Injection vulnerability in Qnap QTS
A command injection vulnerabilities have been reported to affect QTS and QuTS hero.
network
low complexity
qnap CWE-78
7.5
7.5
2021-07-01 CVE-2021-28804 OS Command Injection vulnerability in Qnap QTS
A command injection vulnerabilities have been reported to affect QTS and QuTS hero.
network
low complexity
qnap CWE-78
7.5
7.5
2021-06-03 CVE-2021-28806 Cross-site Scripting vulnerability in Qnap QTS
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero.
network
qnap CWE-79
3.5
3.5
2021-05-21 CVE-2021-28798 Path Traversal vulnerability in Qnap QTS and Quts Hero
A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero.
network
low complexity
qnap CWE-22
7.5
7.5
2021-04-17 CVE-2020-2509 Command Injection vulnerability in Qnap QTS
A command injection vulnerability has been reported to affect QTS and QuTS hero.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2021-04-16 CVE-2018-19942 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station.
network
qnap CWE-79
4.3
4.3
2020-12-10 CVE-2020-2498 Cross-site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration.
network
low complexity
qnap CWE-79
6.1
6.1