Vulnerabilities > Qnap > QTS > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-03-08 CVE-2024-21899 Improper Authentication vulnerability in Qnap QTS and Quts Hero
An improper authentication vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-287
critical
 9.8
9.8
2024-02-02 CVE-2023-45025 Command Injection vulnerability in Qnap Qts, Quts Hero and Qutscloud
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2024-02-02 CVE-2023-39303 Improper Authentication vulnerability in Qnap Qts, Quts Hero and Qutscloud
An improper authentication vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-287
critical
 9.8
9.8
2023-11-03 CVE-2023-23369 OS Command Injection vulnerability in Qnap QTS
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-78
critical
 9.8
9.8
2023-11-03 CVE-2023-23368 OS Command Injection vulnerability in Qnap Qts, Quts Hero and Qutscloud
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-78
critical
 9.8
9.8
2023-09-22 CVE-2023-23363 Classic Buffer Overflow vulnerability in Qnap QTS
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system.
network
low complexity
qnap CWE-120
critical
 9.8
9.8
2023-01-30 CVE-2022-27596 SQL Injection vulnerability in Qnap QTS and Quts Hero
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS.
network
low complexity
qnap CWE-89
critical
 9.8
9.8
2021-04-17 CVE-2020-2509 Command Injection vulnerability in Qnap QTS
A command injection vulnerability has been reported to affect QTS and QuTS hero.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2019-12-05 CVE-2019-7193 Improper Input Validation vulnerability in Qnap QTS
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system.
network
low complexity
qnap CWE-20
critical
 9.8
9.8
2018-11-28 CVE-2018-14746 Command Injection vulnerability in Qnap QTS
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.
network
low complexity
qnap CWE-77
critical
 10.0
10