Qts@* Security Vulnerabilities and Issues — Qts@* CVE List

Lucene search

QnapQts*

14 matches found

CVE•added 2020/10/28 6:15 p.m.•964 views

CVE-2018-19949

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20...

9.8CVSS9.6AI score0.57621EPSS

CVE•added 2020/10/28 6:15 p.m.•959 views

CVE-2018-19943

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS...

8CVSS5.5AI score0.05768EPSS

CVE•added 2020/10/28 6:15 p.m.•957 views

CVE-2018-19953

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build ...

6.1CVSS6AI score0.40146EPSS

CVE•added 2020/12/29 7:15 a.m.•105 views

CVE-2020-25847

8.8CVSS9.1AI score0.03053EPSS

CVE•added 2020/12/10 4:15 a.m.•72 views

CVE-2020-2495

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and...

6.1CVSS6.6AI score0.0027EPSS

CVE•added 2020/12/10 4:15 a.m.•65 views

CVE-2020-2496

6.1CVSS6.6AI score0.0027EPSS

CVE•added 2020/12/10 4:15 a.m.•61 views

CVE-2020-2498

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build...

6.1CVSS6.2AI score0.00145EPSS

CVE•added 2020/12/10 4:15 a.m.•60 views

CVE-2020-2497

If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20...

6.1CVSS6.2AI score0.0027EPSS

CVE•added 2020/12/10 4:15 a.m.•58 views

CVE-2019-7198

This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4...

9.8CVSS9.9AI score0.03068EPSS

CVE•added 2020/11/16 1:15 a.m.•54 views

CVE-2020-2490

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.

7.2CVSS7.3AI score0.02307EPSS

CVE•added 2020/11/16 1:15 a.m.•53 views

CVE-2020-2492

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.

7.2CVSS7.3AI score0.02622EPSS

CVE•added 2020/12/31 5:15 p.m.•52 views

CVE-2018-19944

A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 bu...

7.5CVSS7.5AI score0.00146EPSS

CVE•added 2020/12/31 5:15 p.m.•51 views

CVE-2018-19941

A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build...

7.5CVSS7.3AI score0.00151EPSS

CVE•added 2020/12/31 5:15 p.m.•49 views

CVE-2018-19945

A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability ...

9.1CVSS9.3AI score0.00399EPSS