Vulnerabilities > Qnap > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-10 | CVE-2021-34343 | Out-of-bounds Write vulnerability in Qnap QTS A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. | 6.5 |
2021-07-01 | CVE-2020-36194 | Cross-site Scripting vulnerability in Qnap QTS An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. | 4.3 |
2021-07-01 | CVE-2020-36196 | Cross-site Scripting vulnerability in Qnap Qulog Center A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. | 4.3 |
2021-06-16 | CVE-2021-28815 | Insecure Storage of Sensitive Information vulnerability in Qnap Myqnapcloud Link Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. | 4.0 |
2021-06-11 | CVE-2021-28801 | Out-of-bounds Read vulnerability in Qnap QSS An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. | 5.0 |
2021-06-11 | CVE-2021-28805 | Information Exposure vulnerability in Qnap QSS 1.0.2/1.0.3 Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. | 5.5 |
2021-06-08 | CVE-2021-28810 | Authentication Bypass by Spoofing vulnerability in Qnap Roon Server If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. | 5.0 |
2021-05-13 | CVE-2020-36197 | Improper Access Control vulnerability in Qnap Music Station An improper access control vulnerability has been reported to affect earlier versions of Music Station. | 5.8 |
2021-04-16 | CVE-2018-19942 | Cross-site Scripting vulnerability in Qnap QTS and Quts Hero A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. | 4.3 |
2021-02-17 | CVE-2020-2502 | Cross-site Scripting vulnerability in Qnap Photo Station This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. | 4.3 |