11 matches found
Qnap QTS and QuTS hero Allocation of Resources Without Limits or Throttling (CVE-2025-47208)
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same...
Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-48727)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-52862)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-48728)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-44013 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following...
CVE-2025-47211
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...
CVE-2025-52860 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-52859 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2025-48728
Summary of CVE-2025-48728 (QNAP QTS / QuTS hero) A NULL pointer dereference vulnerability affects several QNAP operating system versions. According to multiple sources, if an attacker gains an administrator account, they can exploit this issue to trigger a denial-of-service (DoS) condition. The v...
CVE-2025-47211
CVE-2025-47211 describes a path traversal vulnerability in QNAP QTS and QuTS hero. A remote attacker with administrator privileges could read arbitrary files or system data due to improper path handling. Affected versions: QTS 5.2.6.3195 build 20250715 and later; QuTS hero h5.2.6.3195 build 20250...
PT-2025-40586
Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.6.3195 build 20250715 QNAP QuTS hero versions prior to 5.2.6.3195 build 20250715 Description A use of externally-controlled format string vulnerability exists in QNAP operating systems. If an attacker obtains an...