Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:qnap:qts:4.3.3
There are 58 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2018-19953

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.

Published: October 28, 2020; 2:15:12 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-19949

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.

Published: October 28, 2020; 2:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-19943

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later

Published: October 28, 2020; 2:15:12 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-7195

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

Published: December 05, 2019; 12:15:13 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-7194

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

Published: December 05, 2019; 12:15:13 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-7192

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.

Published: December 05, 2019; 12:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-7185

This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.

Published: December 05, 2019; 12:15:12 PM -0500
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2019-7197

A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version.

Published: December 04, 2019; 12:16:44 PM -0500
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-0729

This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions.

Published: December 04, 2019; 12:16:42 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-0728

This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions.

Published: December 04, 2019; 12:16:42 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-0722

Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.

Published: February 01, 2019; 1:29:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-0716

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application.

Published: November 30, 2018; 9:29:00 AM -0500
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14749

Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS.

Published: November 28, 2018; 11:29:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-14748

Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS.

Published: November 28, 2018; 11:29:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2018-14747

NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.

Published: November 28, 2018; 11:29:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-14746

Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.

Published: November 28, 2018; 11:29:00 AM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2018-0721

Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.

Published: November 27, 2018; 6:29:00 PM -0500
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2018-0719

Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.

Published: November 27, 2018; 3:29:00 PM -0500
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-0718

Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.

Published: September 14, 2018; 8:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-0714

Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.

Published: August 13, 2018; 9:29:01 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH