CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2022/05/05 4:50 p.m.•30 views

CVE-2021-38693 Path Traversal in thttpd

A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the...

5.3CVSS5.3AI score0.00869EPSS

CNNVD•added 2022/05/05 12:0 a.m.•3 views

QNAP 多款产品路径遍历漏洞

QNAP Systems QNAP QuTScloud is a cloud-optimized version of the QNAP NAS operating system from QNAP Systems. A path traversal vulnerability exists in QNAP QTS, QuTS hero, and QuTScloud, which stems from an input validation error when processing a directory traversal sequence in thttpd. A remote...

5.3CVSS6.3AI score0.00869EPSS

Positive Technologies•added 2022/05/05 12:0 a.m.•3 views

PT-2022-3427 · Qnap · Qts +2

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 4.5.4.1991 build 20220329 QTS versions prior to 5.0.0.1986 build 20220324 QuTS hero versions prior to h4.5.4.1971 build 20220310 QuTS hero versions prior to h5.0.0.1986 build 20220324 QuTScloud versions prior to...

6.1CVSS6AI score0.00691EPSS

Exploits0References4

CNNVD•added 2022/05/05 12:0 a.m.•3 views

QNAP Systems 多款产品命令注入漏洞

QNAP Systems QUTS Hero and others are products of China Weilian QNAP Systems.QUTS Hero is a NAS operating system for managing files.QNAP QuTScloud is a cloud-optimized version of the QNAP NAS operating system.QNAP Systems QTS is an entry- to mid-level operating system for use with QNAP NAS. A...

8.8CVSS8.6AI score0.01612EPSS

CNNVD•added 2022/05/05 12:0 a.m.•3 views

QNAP Systems 多款产品跨站脚本漏洞

QNAP Systems QUTS Hero and QNAP QuTScloud are both products of China Weilian QNAP Systems.QUTS Hero is a NAS operating system for file management. The system retains the application ecosystem of QTS and integrates the more powerful 128-bit ZFS file system to provide enterprises with a more stable...

6.1CVSS6.3AI score0.00691EPSS

Positive Technologies•added 2022/05/05 12:0 a.m.•2 views

PT-2022-3429 · Qnap · Quts Hero +2

Name of the Vulnerable Software and Affected Versions: QuTScloud versions prior to c5.0.1.1949 QuTS hero versions prior to h5.0.0.1986 build 20220324 QTS versions prior to 5.0.0.1986 build 20220324 Description: A command injection issue affects QNAP NAS running QuTScloud, QuTS hero, and QTS,...

9CVSS9AI score0.01612EPSS

The Hacker News•added 2022/03/31 3:23 a.m.•99 views

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage NAS appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the...

7.5CVSS0.5AI score0.70561EPSS

Exploits2

NVD•added 2022/01/07 2:15 a.m.•12 views

CVE-2021-38674

A cross-site scripting XSS vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero...

6.1CVSS0.00636EPSS

Prion•added 2022/01/07 2:15 a.m.•12 views

Cross site scripting

4.3CVSS6AI score0.00636EPSS

Cvelist•added 2022/01/07 1:15 a.m.•15 views

CVE-2021-38674 Reflected XSS Vulnerability in TFTP

4.2CVSS6.2AI score0.00636EPSS

CVE•added 2022/01/07 1:15 a.m.•64 views

CVE-2021-38674

CVE-2021-38674 is an XSS vulnerability affecting QTS, QuTS hero, and QuTScloud. Publicly documented vulnerable components include the QTS/QTS hero/QuTScloud web interfaces, with remote attacker exploitation enabling injection of malicious code. The NVD/NVD-derived entries list fixes in QTS 4.5.4....

6.1CVSS5.1AI score0.00636EPSS

NVD•added 2021/09/10 4:15 a.m.•17 views

CVE-2021-34343

A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS...

7.2CVSS0.01888EPSS

NVD•added 2021/09/10 4:15 a.m.•18 views

CVE-2021-28816

8.8CVSS0.00898EPSS

NVD•added 2021/09/10 4:15 a.m.•23 views

CVE-2018-19957

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS...

6.1CVSS0.00685EPSS

Prion•added 2021/09/10 4:15 a.m.•18 views

Stack overflow

6.5CVSS9AI score0.00898EPSS

Prion•added 2021/09/10 4:15 a.m.•14 views

Stack overflow

6.5CVSS7.4AI score0.01888EPSS

Prion•added 2021/09/10 4:15 a.m.•15 views

Design/Logic Flaw

4.3CVSS6.3AI score0.00685EPSS

CVE•added 2021/09/10 4:0 a.m.•65 views

CVE-2021-34343

CVE-2021-34343 describes a stack buffer overflow affecting QNAP devices running QTS, QuTScloud, and QuTS hero . The vulnerability could allow an attacker to execute arbitrary code. Affected releases have been fixed in: QTS 4.5.4.1715 build 20210630 and later , QTS 5.0.0.1716 build 20210701 and la...

7.2CVSS7.2AI score0.01888EPSS

CVE•added 2021/09/10 4:0 a.m.•79 views

CVE-2021-28816

CVE-2021-28816 is a stack-based buffer overflow affecting QNAP QTS, QuTScloud, and QuTS hero. The vulnerability could allow arbitrary code execution if exploited. Affected QTS/QuTS versions fixed include QTS 4.5.4.1715 build 20210630 and later, QTS 5.0.0.1716 build 20210701 and later, QTS 4.3.3.1...

8.8CVSS8.6AI score0.00898EPSS