Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qnap qts 4.3.4 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-28809
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows malicious users to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions o...
Qnap Hybrid Backup Sync
7.5
CVSSv2
CVE-2021-28799
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote malicious users to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4...
Qnap Hybrid Backup Sync
4.3
CVSSv2
CVE-2018-19942
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote malicious users to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 bui...
Qnap Qts 4.3.3.0229
Qnap Qts 4.3.3
Qnap Qts 4.3.4
Qnap Qts 4.3.4.0387
Qnap Qts 4.3.4.0370
Qnap Qts 4.3.4.0372
Qnap Qts 4.3.4.0374
Qnap Qts 4.3.4.0358
Qnap Qts 4.3.4.0604
Qnap Qts 4.3.3.0570
Qnap Qts 4.3.4.0597
Qnap Qts 4.3.4.0593
Qnap Qts 4.3.3.0546
Qnap Qts 4.3.4.0569
Qnap Qts 4.3.4.0561
Qnap Qts 4.3.4.0516
Qnap Qts 4.3.3.0514
Qnap Qts 4.3.4.0526
Qnap Qts 4.3.4.0551
Qnap Qts 4.3.4.0557
Qnap Qts 4.3.6.1033
Qnap Qts 4.3.6.1013
8.5
CVSSv2
CVE-2018-19945
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed ...
Qnap Qts
4.3
CVSSv2
CVE-2020-2491
This cross-site scripting vulnerability in Photo Station allows remote malicious users to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and...
Qnap Photo Station
3.5
CVSSv2
CVE-2019-7197
A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an malicious user to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS ...
Qnap Qts 4.3.3
Qnap Qts 4.3.4
Qnap Qts 4.2.6
Qnap Qts 4.3.6
Qnap Qts 4.4.1
5
CVSSv2
CVE-2018-0722
Path Traversal vulnerability in Photo Station versions: 5.7.2 and previous versions in QTS 4.3.4, 5.4.4 and previous versions in QTS 4.3.3, 5.2.8 and previous versions in QTS 4.2.6 could allow remote malicious users to access sensitive information on the device.
Qnap Photo Station
4.3
CVSSv2
CVE-2018-0716
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and previous versions versions could allow remote malicious users to inject Javascript code in the compromised applicatio...
Qnap Qts 4.3.3
Qnap Qts 4.3.4
Qnap Qts 4.2.6
Qnap Qts 4.3.5
7.8
CVSSv2
CVE-2018-14748
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and previous versions versions could allow remote malicious users to power off the NAS.
Qnap Qts 4.3.3
Qnap Qts 4.3.4
Qnap Qts 4.2.6
Qnap Qts 4.3.5
7.5
CVSSv2
CVE-2018-14749
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and previous versions versions could have unspecified impact on the NAS.
Qnap Qts 4.3.3
Qnap Qts 4.3.4
Qnap Qts 4.2.6
Qnap Qts 4.3.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »