Vulnerabilities > Qnap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-29 | CVE-2021-38688 | Improper Authentication vulnerability in Qnap Qfile An improper authentication vulnerability has been reported to affect Android App Qfile. | 5.0 |
| 2021-11-26 | CVE-2021-38686 | Improper Authentication vulnerability in Qnap QVR 5.1.5 An improper authentication vulnerability has been reported to affect QNAP device, VioStor. | 6.8 |
| 2021-11-20 | CVE-2021-34358 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Qmailagent We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later | 6.8 |
| 2021-11-20 | CVE-2021-38681 | Cross-site Scripting vulnerability in Qnap Ragic Cloud DB A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. | 4.3 |
| 2021-11-13 | CVE-2021-34357 | Cross-site Scripting vulnerability in Qnap Qmailagent A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. | 4.3 |
| 2021-10-22 | CVE-2021-34362 | Command Injection vulnerability in Qnap Media Streaming Add-On A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. | 6.5 |
| 2021-09-27 | CVE-2021-34349 | Command Injection vulnerability in Qnap QVR A command injection vulnerability has been reported to affect QNAP device running QVR. | 6.5 |
| 2021-09-10 | CVE-2018-19957 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Qnap QTS A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. | 4.3 |
| 2021-09-10 | CVE-2021-28813 | Insecure Storage of Sensitive Information vulnerability in Qnap Qsw-M2116P-2T2S Firmware and Qunetswitch A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. | 5.0 |
| 2021-09-10 | CVE-2021-28816 | Out-of-bounds Write vulnerability in Qnap QTS A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. | 6.5 |