Qts@4.3.4 Security Vulnerabilities and Issues — Qts@4.3.4 CVE List

Lucene search

QnapQts4.3.4

10 matches found

CVE•added 2018/11/28 4:29 p.m.•74 views

CVE-2018-14746

Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.

10CVSS9.7AI score0.04785EPSS

CVE•added 2021/04/16 1:15 a.m.•65 views

CVE-2018-19942

A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) Q...

6.1CVSS6AI score0.0027EPSS

CVE•added 2018/11/27 11:29 p.m.•57 views

CVE-2018-0721

Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.

10CVSS7.8AI score0.00633EPSS

CVE•added 2018/11/28 4:29 p.m.•50 views

CVE-2018-14749

Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS.

9.8CVSS9.7AI score0.00543EPSS

CVE•added 2018/11/27 9:0 p.m.•41 views

CVE-2018-0719

Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions ...

5.5CVSS5.4AI score0.00226EPSS

CVE•added 2019/12/04 5:16 p.m.•41 views

CVE-2019-7197

A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version.

4.8CVSS4.9AI score0.0031EPSS

CVE•added 2018/11/30 2:29 p.m.•40 views

CVE-2018-0716

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application.

6.1CVSS6.2AI score0.00272EPSS

CVE•added 2018/06/21 1:29 p.m.•39 views

CVE-2017-13072

Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.

6.1CVSS6AI score0.00272EPSS

CVE•added 2018/11/28 4:29 p.m.•33 views

CVE-2018-14747

NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.

7.5CVSS7.9AI score0.006EPSS

CVE•added 2018/11/28 4:29 p.m.•33 views

CVE-2018-14748

Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS.

7.8CVSS7.9AI score0.00622EPSS