7 matches found
CVE-2024-48866
An improper handling of URL encoding Hex Encoding vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following...
CVE-2024-53691
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following...
CVE-2024-37045
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...
CVE-2024-37044
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the followin...
CVE-2024-53699 QTS, QuTS hero
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions...
CVE-2024-53698
CVE-2024-53698 is a double free vulnerability affecting QNAP QTS and QuTS hero. Root cause: memory management flaw that could allow remote attackers who have gained administrator access to modify memory. Impact stated: exploit could enable memory modification. Remediation: fixed in QTS 5.2.3.3006...
CVE-2024-48867
CVE-2024-48867 concerns CRLF injection in QNAP QTS and QuTS Hero. Affected products/versions include QTS 5.1.9.2954 (build 20241120) and later, QTS 5.2.2.2950 (build 20241114) and later, QuTS hero h5.1.9.2954 (build 20241120) and later, and QuTS hero h5.2.2.2952 (build 20241116) and later. The CW...