15 matches found
CVE-2025-47210
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2...
CVE-2025-54153 Qsync Central
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 (2025/07/31)...
CVE-2025-53595
CVE-2025-53595 concerns QNAP Qsync Central. Multiple connected sources confirm an SQL injection vulnerability in Qsync Central caused by inadequate validation of externally supplied SQL statements, allowing a remote user with an account to potentially execute unauthorized code or commands. A fixe...
CVE-2025-53595 Qsync Central
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 (2025/07/31)...
CVE-2025-53595 Qsync Central
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 (2025/07/31)...
CVE-2025-52867
CVE-2025-52867 affects QNAP Qsync Central. An uncontrolled resource consumption vulnerability can be exploited by a remote attacker who gains a user account to cause a denial-of-service (DoS). The issue is addressed in Qsync Central 5.0.0.2 and later. Connected sources (CNVD/CNNVD/NVD) describe t...
CVE-2025-52867 Qsync Central
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Centra...
CVE-2025-47210
CVE-2025-47210 (QNAP Qsync Central) is a NULL pointer dereference vulnerability affecting Qsync Central versions prior to 5.0.0.2. A remote attacker who has a user account can trigger a DoS by exploiting the dereference flaw. The issue has been fixed in Qsync Central 5.0.0.2 (released 2025-07-31)...
EUVD-2025-32356
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We hav...
PT-2025-40585
Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 5.0.0.2. Description: An uncontrolled resource consumption issue exists in Qsync Central. A remote attacker who obtains a user account can potentially launch a denial-of-service (DoS) attack. Recommendations: Update ...
QNAP Qsync Central Security Vulnerability
QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage (NAS) devices. QNAP Qsync Central suffers from an uncontrolled resource consumption vulnerability that can be exploited by attackers to cause a denial of service...
PT-2025-40553
Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 5.0.0.2. Description: A flaw exists in Qsync Central that allows a remote attacker, having obtained a user account, to exhaust resources and potentially prevent other systems, applications, or processes from...
CVE-2021-39026
IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...
CVE-2021-39021
IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration. IBM X-Force ID: 213856...
Security Bulletin: OpenSSL publicly disclosed vulnerabilities affect MessageGateway (CVE-2021-23841, CVE-2021-23840)
Summary: MessageGateway has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details: CVEID: CVE-2021-23840. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an...