Vulnerabilities > Qnap > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-17 | CVE-2018-0709 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 9.0 |
| 2018-07-17 | CVE-2018-0708 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 9.0 |
| 2018-07-17 | CVE-2018-0707 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 9.0 |
| 2018-06-05 | CVE-2017-7637 | OS Command Injection vulnerability in Qnap NAS Proxy Server QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges. | 10.0 |
| 2018-03-08 | CVE-2017-7640 | OS Command Injection vulnerability in Qnap Media Streaming Add-On QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges. | 10.0 |
| 2017-12-11 | CVE-2017-13070 | Untrusted Search Path vulnerability in Qnap Qsync 4.2.2.0724 A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. | 9.3 |
| 2017-09-19 | CVE-2017-10700 | Improper Input Validation vulnerability in Qnap QTS 4.3.3.0229 In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | 10.0 |
| 2017-03-23 | CVE-2017-6361 | OS Command Injection vulnerability in Qnap QTS QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. | 10.0 |
| 2017-03-23 | CVE-2017-6360 | OS Command Injection vulnerability in Qnap QTS QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. | 10.0 |
| 2017-03-23 | CVE-2017-6359 | OS Command Injection vulnerability in Qnap QTS QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. | 10.0 |