CVE-2025-62850 QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
CVE-2025-54165
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS...
Qnap QTS and QuTS hero Buffer Copy without Checking Size of Input (CVE-2024-37049)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the followin...
EUVD-2021-30910
Malicious code in bioql PyPI...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data or execute arbitrary OS commands. For successful abuse, the malicious party must already have prior authentication. QNAP has...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious person could exploit the vulnerabilities to execute arbitrary code on the vulnerable system. For successful abuse, the malicious party must be authorized. QNAP has released updates to fix the vulnerabilities in QTS and QTS Hero...
Vulnerabilities fixed in QNAP QTS and QTS Hero
QNAP has fixed vulnerabilities in QTS and QTS Hero. A malicious party can exploit the vulnerabilities to launch attacks that can result in the following categories of damage: bypassing authentication; circumvention of security measures; remote code execution; Administrator/Root right...
PT-2024-1626 · Qnap · Quts Hero +2
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.5.2645 build 20240116; QuTS hero versions prior to h5.1.5.2647 build 20240118; QuTScloud versions prior to c5.1.5.2651. Description: An OS command injection issue has been reported, affecting several QNAP operating syst...
PT-2023-9129 · Qnap · Qnap Qts +1
Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.1.4.2596 build 20231128; QNAP QuTS hero versions prior to 5.1.4.2596 build 20231128. Description: A buffer copy without checking the size of input issue has been reported, which could allow authenticated...
QNAP QuTS hero Code Injection Vulnerability (QSA-23-01)
QNAP QuTS hero is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/o:qnap:qutshero";...
This vulnerability in the QTS operating system, specifically the QuTS Hero operating system, arises from a failure to neutralize special elements used in operating system commands. It allows attackers to compromise the confidentiality, integrity, and availability of information.
This vulnerability in the QTS operating system stems from a failure to neutralize special elements used in OS commands. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of information...