108 matches found
Qnap QTS OS Command Injection (CVE-2023-39300)
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS...
Qnap QTS Stack-based Buffer Overflow (CVE-2023-41278)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
Qnap QTS Classic Buffer Overflow (CVE-2024-27129)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...
CVE-2024-21903
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722...
CVE-2024-21906 QTS, QuTS hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823...
CVE-2023-34979 QTS, QuTS hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790...
CVE-2023-34974
The CVE-2023-34974 entry is an OS command injection affecting QNAP QTS and QTS Hero (QTS versions prior to 4.5.4.2790 build 20240605 and later, and QuTS Hero prior to h4.5.4.2626 build 20231225 and later). QuTScloud, QVR, and QES are not affected. Root cause is a network-exposed command-injection...
CVE-2023-34974 QTS, QuTS hero, QuTScloud, QVR, QES
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: Q...
CVE-2023-39300
The CVE-2023-39300 entry concerns QNAP QTS OS command injection in legacy QTS. Affected are QTS versions prior to 4.3.6.2805 (build 20240619), prior to 4.3.4.2814 (build 20240618), prior to 4.3.3.2784 (build 20240619), and prior to 4.2.6 (build 20240618). The vulnerability stems from insufficient...
CVE-2024-21903 QTS, QuTS hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722...
CVE-2024-21903 QTS, QuTS hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722...
CVE-2024-21898 QTS, QuTS hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build...
CVE-2023-51367 QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build...
QNAP Systems QTS 操作系统命令注入漏洞
QNAP Systems QTS is an operating system used by China Weilian Technology QNAP Systems for entry to mid-level QNAP NAS. An operating system command injection vulnerability exists in QNAP Systems QTS version 4.3.6.2805 build 20240619 and prior versions, which stems from the inclusion of an operatin...
CVE-2023-47220 Media Streaming add-on
An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5...
CVE-2024-27124
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...
CVE-2024-27124 QTS, QuTS hero, QuTScloud
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...
CVE-2024-27124
CVE-2024-27124 is an OS command injection vulnerability affecting QNAP QTS, QuTS hero, and QuTScloud. Exploitation could allow an attacker to execute arbitrary commands over the network, with no required privileges and user interaction needed. The issue has been fixed in: QTS 5.1.3.2578+ (build 2...
CVE-2024-27124 QTS, QuTS hero, QuTScloud
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...
CVE-2024-32766 QTS, QuTS hero, QuTScloud
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...