Vulnerabilities > Qnap > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-17 | CVE-2018-0707 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 7.2 |
| 2018-07-17 | CVE-2018-0706 | Unspecified vulnerability in Qnap Q'Center Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information. | 8.8 |
| 2018-06-05 | CVE-2017-7635 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections. | 8.8 |
| 2018-03-08 | CVE-2017-7641 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Media Streaming Add-On QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections. | 8.8 |
| 2018-03-05 | CVE-2017-7633 | Information Exposure vulnerability in Qnap Qfinder PRO 6.1.0.0317 QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. | 7.5 |
| 2017-12-11 | CVE-2017-13070 | Untrusted Search Path vulnerability in Qnap Qsync 4.2.2.0724 A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. | 7.8 |
| 2017-10-06 | CVE-2017-13068 | SQL Injection vulnerability in Qnap QTS Helpdesk 1.1.12 QNAP has already patched this vulnerability. | 7.5 |
| 2017-06-15 | CVE-2017-7629 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Qnap QTS QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. | 7.5 |
| 2017-03-23 | CVE-2017-5227 | Information Exposure vulnerability in Qnap QTS QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file. | 7.5 |
| 2016-02-27 | CVE-2015-7262 | Source Code vulnerability in Qnap Iartist Lite and Signage Station QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot. | 7.5 |