40 matches found
CVE-2025-30274
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later...
PT-2025-35281
Name of the Vulnerable Software and Affected Versions: QNAP versions prior to QTS 5.2.5.3145 build 20250526 QNAP versions prior to QuTS hero h5.2.5.3138 build 20250519 Description: An out-of-bounds write issue exists in QNAP operating systems. A remote attacker with a user account can exploit thi...
CVE-2024-53693
An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the...
CVE-2023-23357
A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the...
QNAP Systems QTS和QuTS hero 安全漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems.QNAP Systems QTS is an entry operating system.QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP Systems QTS and QNAP Systems QuTS hero that stems from the...
CVE-2024-37041
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the followin...
QNAP Systems QTS和QNAP Systems QuTS hero 路径遍历漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems.QNAP Systems QTS is a starter operating system.QNAP Systems QuTS hero is an operating system. A path traversal vulnerability exists in QNAP Systems QTS prior to version 5.2.1.2930 build 20241025...
QNAP Systems QTS和QuTS hero 格式化字符串错误漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems.QNAP Systems QTS is an entry operating system.QNAP Systems QuTS hero is an operating system. A format string error vulnerability exists in QNAP Systems QTS prior to version 5.2.1.2930 build...
PT-2024-1515 · Qnap · Qts +2
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.4.2596 build 20231128 QTS versions prior to 4.5.4.2627 build 20231225 QuTS hero versions prior to h5.1.4.2596 build 20231128 QuTS hero versions prior to h4.5.4.2626 build 20231225 QuTScloud versions prior to...
CVE-2023-23372
A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 a...
PT-2023-9128 · Qnap · Quts Hero +1
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.4.2596 build 20231128 QuTS hero versions prior to h5.1.4.2596 build 20231128 Description: The issue is related to a buffer copy without checking the size of the input, which can lead to a buffer overflow in memory...
PT-2023-8499 · Qnap · Quts Hero +2
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.2.2533 build 20230926 QuTS hero versions prior to h5.1.2.2534 build 20230927 QuTScloud versions prior to c5.1.5.2651 Description: A buffer copy without checking the size of input vulnerability has been reported to...
PT-2023-8519 · Qnap · Qts +2
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.4.2596 build 20231128 QTS versions prior to 4.5.4.2627 build 20231225 QuTS hero versions prior to h5.1.4.2596 build 20231128 QuTS hero versions prior to h4.5.4.2626 build 20231225 QuTScloud versions prior to...
QNAP Systems QTS 和 QuTS hero 命令注入漏洞
QNAP Systems QTS is an operating system for use with entry to mid-level QNAP NAS from China's Weilian Technology QNAP Systems. A command injection vulnerability exists in QNAP Systems QTS and QuTS hero, which can be exploited to allow an authenticated remote user to execute arbitrary commands fro...
PT-2022-3429 · Qnap · Quts Hero +2
Name of the Vulnerable Software and Affected Versions: QuTScloud versions prior to c5.0.1.1949 QuTS hero versions prior to h5.0.0.1986 build 20220324 QTS versions prior to 5.0.0.1986 build 20220324 Description: A command injection issue affects QNAP NAS running QuTScloud, QuTS hero, and QTS,...
CVE-2019-7198
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS...
QNAP QTS Buffer Overflow Vulnerability (CNVD-2017-37605)
QNAP QTS is a Turbo NAS operating system from QNAP Systems. The system provides file storage, management, backup, multimedia applications and security monitoring. A buffer overflow vulnerability exists in QNAP QTS. A remote attacker could exploit this vulnerability to execute arbitrary code on th...
QNAP QTS Music Station Command Injection Vulnerability
QNAP QTS is a Turbo NAS operating system from QNAP Systems that provides file storage, management, backup, multimedia applications and security monitoring. The system provides file storage, management, backup, multimedia applications and security monitoring, etc. Music Station is one of the music...
QNAP QTS Arbitrary Command Execution Vulnerability (CNVD-2017-10395)
QNAP QTS is a Turbo NAS operating system from QNAP Systems. The system provides file storage, management, backup, multimedia applications and security monitoring. An arbitrary command execution vulnerability exists in QNAP QTS. An attacker could use this vulnerability to execute arbitrary command...
VulnCheck KEV: CVE-2017-6361
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors...