Vulnerabilities > Qnap > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-24 CVE-2023-34973 Insufficient Entropy vulnerability in Qnap QTS and Quts Hero
An insufficient entropy vulnerability has been reported to affect QNAP operating systems.
network
low complexity
qnap CWE-331
5.3
5.3
2022-05-26 CVE-2021-34360 Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server.
network
qnap CWE-352
6.8
6.8
2022-05-05 CVE-2021-38693 Path Traversal vulnerability in Qnap QTS and Qutscloud
A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance.
network
low complexity
qnap CWE-22
5.0
5.0
2022-05-05 CVE-2021-44053 Cross-site Scripting vulnerability in Qnap Qts, Quts Hero and Qutscloud
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud.
network
low complexity
qnap CWE-79
6.1
6.1
2022-05-05 CVE-2021-44054 Open Redirect vulnerability in Qnap Qts, Quts Hero and Qutscloud
An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS.
network
low complexity
qnap CWE-601
6.1
6.1
2022-02-25 CVE-2021-34361 Cross-site Scripting vulnerability in Qnap NAS Proxy Server 1.3.0
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server.
network
qnap CWE-79
4.3
4.3
2022-01-14 CVE-2021-38677 Cross-site Scripting vulnerability in Qnap Qcalagent
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent.
network
qnap CWE-79
4.3
4.3
2022-01-14 CVE-2021-38678 Open Redirect vulnerability in Qnap Qcalagent
An open redirect vulnerability has been reported to affect QNAP device running QcalAgent.
network
qnap CWE-601
5.8
5.8
2022-01-07 CVE-2021-38674 Cross-site Scripting vulnerability in Qnap QTS
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud.
network
qnap CWE-79
4.3
4.3
2021-12-29 CVE-2021-38680 Cross-site Scripting vulnerability in Qnap Kazoo Server 4.10.12/4.10.9
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server.
network
qnap CWE-79
4.3
4.3