Lucene search
K
QnapQsync Central

62 matches found

CVE
CVE
added 2024/12/06 4:35 p.m.58 views

CVE-2024-50404

CVE-2024-50404 affects Qsync Central. A symlink/ZIP upload flaw allows a user with upload privileges to traverse the file system and disclose or modify sensitive targets (e.g., /etc/passwd, /etc/shadow) by uploading a ZIP containing a symlink to a protected path. Affected versions are Qsync Centr...

8.8CVSS6.6AI score0.01394EPSS
Web
CVE
CVE
added 2025/06/06 3:53 p.m.57 views

CVE-2025-22482

CVE-2025-22482 affects QNAP Qsync Central. A use of externally-controlled format string vulnerability could allow remote attackers who gain user access to obtain secret data or modify memory. The affected product is Qsync Central; vulnerable component is the formatting operation exposed to extern...

8.1CVSS7AI score0.00311EPSS
CVE
CVE
added 2025/06/06 3:53 p.m.53 views

CVE-2025-29892

CVE-2025-29892 concerns QNAP Qsync Central, where an SQL injection vulnerability could allow remote attackers with user access to execute unauthorized code or commands. Public details across sources confirm the issue originates from insufficient validation of externally entered SQL statements in ...

8.8CVSS8.4AI score0.00385EPSS
CVE
CVE
added 2024/02/02 4:5 p.m.49 views

CVE-2023-47564

CVE-2023-47564 affects Qsync Central, caused by an incorrect permission assignment for a critical resource. If exploited, authenticated users could read or modify the resource over the network. Fixed in Qsync Central 4.4.0.15+ (2024/01/04) and 4.3.0.11+ (2024/01/11+). Remediation: upgrade to 4.4....

8.1CVSS7.7AI score0.01014EPSS
CVE
CVE
added 2025/08/29 5:14 p.m.29 views

CVE-2025-29893

The CVE-2025-29893 issue affects QNAP Qsync Central and is caused by an SQL injection vulnerability from lack of validation of externally entered SQL statements. A remote attacker who has a user account could exploit this to execute unauthorized code or commands. The vulnerability is rated HIGH (...

8.8CVSS7.8AI score0.00427EPSS
CVE
CVE
added 2025/08/29 5:15 p.m.23 views

CVE-2025-30261

CVE-2025-30261 affects QNAP Qsync Central. The vulnerability is an unlimited resource allocation issue in which a user account could be abused to exhaust resources, denying access to other systems/applications/processes. Documented impact is availability impact (high) with limited/no integrity/co...

7.1CVSS6.3AI score0.00419EPSS
CVE
CVE
added 2025/08/29 5:16 p.m.23 views

CVE-2025-33033

CVE-2025-33033 affects QNAP Qsync Central. A path traversal vulnerability allows a remote attacker who has a user account to read unexpected files or system data. The issue is fixed in Qsync Central 4.5.0.7 and later (patch released around 2025-04-23). Affected versions prior to 4.5.0.7 should be...

7.2CVSS6.3AI score0.00445EPSS
CVE
CVE
added 2026/02/11 12:19 p.m.22 views

CVE-2025-52868

CVE-2025-52868 is a buffer overflow in Qsync Central. The issue allows a remote attacker who has a user account to modify memory or crash processes. A fix is available in Qsync Central 5.0.0.4 (2026-01-20) and later; users should upgrade to receive mitigation. The connected sources corroborate th...

8.1CVSS5.9AI score0.00299EPSS
CVE
CVE
added 2025/08/29 5:16 p.m.20 views

CVE-2025-30275

CVE-2025-30275 – QNAP Qsync Central : A NULL pointer dereference vulnerability in Qsync Central could be triggered by an attacker who already has a user account, enabling a denial-of-service (DoS). Affected product: Qsync Central (version(s) prior to 4.5.0.7). Root cause: NULL pointer dereference...

6.5CVSS6.3AI score0.0034EPSS
CVE
CVE
added 2025/08/29 5:15 p.m.19 views

CVE-2025-29898

CVE-2025-29898 affects QNAP Qsync Central. Affected component: Qsync Central software. Vulnerability: uncontrolled resource consumption that enables a remote attacker who has a user account to trigger a denial-of-service (DoS). Impact per reported metrics includes high availability impact with ne...

6.5CVSS6.3AI score0.00419EPSS
CVE
CVE
added 2025/08/29 5:15 p.m.19 views

CVE-2025-30260

CVE-2025-30260 affects QNAP Qsync Central. The issue is an allocation of resources without limits or throttling in Qsync Central that can, if an attacker obtains a user account, prevent other systems, applications, or processes from accessing the same resources. Public details indicate the vulner...

7.1CVSS6.3AI score0.00419EPSS
CVE
CVE
added 2025/08/29 5:15 p.m.19 views

CVE-2025-30263

CVE-2025-30263 describes a NULL pointer dereference in QNAP Qsync Central . The flaw can be triggered when a remote attacker, after obtaining a user account, exploits the condition to cause a denial-of-service. Affected component is the Qsync Central service; the underlying impact stated is avail...

6.5CVSS6.3AI score0.00419EPSS
CVE
CVE
added 2025/08/29 5:16 p.m.19 views

CVE-2025-30277

CVE-2025-30277 is an improper certificate validation vulnerability in QNAP Qsync Central . A remote attacker who already has a user account can exploit this to compromise system security. Affected software: Qsync Central versions prior to 4.5.0.7 . Root cause: improper certificate validation in t...

8.8CVSS6.3AI score0.00213EPSS
CVE
CVE
added 2025/08/29 5:17 p.m.19 views

CVE-2025-33036

CVE-2025-33036 is a path traversal vulnerability affecting QNAP Qsync Central. The issue allows an authenticated attacker to read arbitrary files or system data due to improper handling of file paths. The CVE is fixed in Qsync Central 4.5.0.7 and later (released 2025-04-23). Practical impact is d...

7.2CVSS6.3AI score0.00445EPSS
CVE
CVE
added 2025/08/29 5:17 p.m.19 views

CVE-2025-33038

CVE-2025-33038 is a path-traversal vulnerability in QNAP’s Qsync Central . Prior to version 4.5.0.7 , authenticated remote users could read unexpected files or system data due to the flaw. In fixed versions (4.5.0.7 and later), the issue has been remediated. Attack is network-based with low privi...

7.2CVSS6.3AI score0.00445EPSS
CVE
CVE
added 2026/02/11 12:19 p.m.18 views

CVE-2025-48724

The vulnerability CVE-2025-48724 affects QNAP Qsync Central. A buffer overflow could be triggered after an attacker gains a valid user account, allowing memory modification or process crashes (details in linked advisories). Impact is described as high for integrity and availability in the NVD met...

8.1CVSS5.9AI score0.00378EPSS
CVE
CVE
added 2025/08/29 5:15 p.m.17 views

CVE-2025-29894

CVE-2025-29894 affects QNAP Qsync Central. The vulnerability is an SQL injection in Qsync Central that can be exploited by an authenticated remote attacker to execute unauthorized commands. The issue is addressed in Qsync Central 4.5.0.7 and later. Affected component: Qsync Central (private cloud...

8.8CVSS7.8AI score0.00427EPSS
CVE
CVE
added 2025/08/29 5:16 p.m.17 views

CVE-2025-30278

CVE-2025-30278 affects Qsync Central. The vulnerability is an improper certificate validation in Qsync Central prior to 4.5.0.7, allowing a remote attacker who has a user account to compromise system security. Fixed in Qsync Central 4.5.0.7 and later (2025/04/23). CVSS details in the sources show...

8.8CVSS6.3AI score0.00213EPSS
CVE
CVE
added 2025/08/29 5:17 p.m.17 views

CVE-2025-33037

Affects Qsync Central . Description: a path traversal vulnerability that could allow a remote attacker with a current user account to read files or system data. The issue is classified as a network-based vulnerability with low privileges required and no user interaction, leading to potential disc...

7.2CVSS6.3AI score0.00445EPSS
CVE
CVE
added 2026/02/11 12:18 p.m.17 views

CVE-2025-54148

CVE-2025-54148 affects Qsync Central and involves a NULL pointer dereference that can be exploited to trigger a denial-of-service when an attacker with a valid user account connects remotely. The vulnerability is reported to be reachable over the network (attack vector: network) and, according to...

6.5CVSS5.5AI score0.00467EPSS
CVE
CVE
added 2026/02/11 12:17 p.m.17 views

CVE-2025-57710

The CVE-2025-57710 issue affects Qsync Central and is a resource-allocation vulnerability with no throttling. A remote attacker who has an administrator account can exhaust resources, potentially blocking other systems, applications, or processes from accessing the same resource. The root cause i...

6.9CVSS5.6AI score0.00469EPSS
CVE
CVE
added 2025/08/29 5:15 p.m.16 views

CVE-2025-30262

CVE-2025-30262 affects QNAP Qsync Central. A NULL pointer dereference vulnerability exists in the product, exploitable by a remote attacker who has a valid user account to cause a denial-of-service. Affected software is Qsync Central, with fixes available in version 5.0.0.0 and later (fixed June ...

6.5CVSS6.3AI score0.00419EPSS
CVE
CVE
added 2026/02/11 12:19 p.m.16 views

CVE-2025-30276

CVE-2025-30276 is an out-of-bounds write vulnerability affecting QNAP’s Qsync Central . The issue can be exploited by an attacker who already has a remote user account to modify or corrupt memory, with a network attack vector , and requires no user interaction . The vulnerability’s impact is high...

8.8CVSS5.6AI score0.00504EPSS
CVE
CVE
added 2025/10/03 6:14 p.m.16 views

CVE-2025-52867

CVE-2025-52867 affects QNAP Qsync Central. An uncontrolled resource consumption vulnerability can be exploited by a remote attacker who gains a user account to cause a denial-of-service (DoS). The issue is addressed in Qsync Central 5.0.0.2 and later. Connected sources (CNVD/CNNVD/NVD) describe t...

6.5CVSS6.5AI score0.00387EPSS
CVE
CVE
added 2026/02/11 12:16 p.m.16 views

CVE-2025-58467

CVE-2025-58467 concerns a relative path traversal in Qsync Central. The vulnerability could allow a logged-in attacker to read unexpected files or system data once they obtain a user account. A fix is available in Qsync Central 5.0.0.4 and later (dated 2026-01-20). Metrics indicate a CVSSv4 base ...

6.5CVSS5.5AI score0.00416EPSS
CVE
CVE
added 2026/02/11 12:20 p.m.15 views

CVE-2025-30266

The CVE-2025-30266 entry describes a NULL pointer dereference in Qsync Central that could allow a remote attacker with a user account to cause a denial-of-service. Concrete details across connected sources identify Qsync Central as the affected product, with the root cause listed as a NULL pointe...

6.5CVSS5.5AI score0.00391EPSS
CVE
CVE
added 2026/02/11 12:19 p.m.15 views

CVE-2025-52869

CVE-2025-52869 affects Qsync Central. A buffer overflow vulnerability allows a remote, authenticated attacker to modify memory or crash processes. Impact is linked to Qsync Central prior to 5.0.0.4; mitigation is to upgrade to 5.0.0.4 or later. The provided documents confirm the existence, affect...

8.1CVSS5.9AI score0.00398EPSS
CVE
CVE
added 2026/02/11 12:18 p.m.15 views

CVE-2025-54146

CVE-2025-54146 affects Qsync Central. A NULL pointer dereference allows a remote attacker who has a user account to trigger a denial-of-service (DoS). The issue is mitigated by upgrading to Qsync Central 5.0.0.4 (released 2026-01-20) or later. According to the provided metrics, this CVE has a CVS...

6.5CVSS5.5AI score0.00467EPSS
CVE
CVE
added 2025/10/03 6:9 p.m.14 views

CVE-2025-44007

CVE-2025-44007 affects QNAP Qsync Central. The issue is an unrestricted resource allocation vulnerability where a user-account–authenticated remote attacker can exhaust resources and block access for other systems, applications, or processes. A fix is available in Qsync Central 5.0.0.1 and later ...

7.1CVSS6.5AI score0.0034EPSS
CVE
CVE
added 2026/02/11 12:19 p.m.14 views

CVE-2025-47209

CVE-2025-47209 : A NULL pointer dereference affects Qsync Central . If a remote attacker gains a user account , they can trigger a DoS . The issue is fixed in Qsync Central 5.0.0.4 (2026-01-20) and later; CVSS-like metrics indicate low privileges and network access with no user interaction. Explo...

6.5CVSS5.5AI score0.00391EPSS
CVE
CVE
added 2026/02/11 12:19 p.m.14 views

CVE-2025-48723

CVE-2025-48723 describes a buffer overflow in Qsync Central. A remote attacker who has a user account can exploit this vulnerability to modify memory or crash processes. A fixed version is available: Qsync Central 5.0.0.4 and later (2026-01-20). Affected products are Qsync Central versions prior ...

8.1CVSS5.9AI score0.00378EPSS
CVE
CVE
added 2026/02/11 12:18 p.m.14 views

CVE-2025-54150

CVE-2025-54150 affects QNAP Qsync Central. It is an uncontrolled resource consumption vulnerability that allows a local attacker with a user account to trigger a denial-of-service (DoS). The issue has been fixed in Qsync Central 5.0.0.4 (2026-01-20) and later. CVSS metrics are provided, but explo...

7.1CVSS5.5AI score0.00242EPSS
CVE
CVE
added 2025/10/03 6:14 p.m.14 views

CVE-2025-54153

CVE-2025-54153 describes an SQL injection vulnerability in QNAP Qsync Central . According to multiple sources, a remote attacker who already has a user account can exploit this to execute unauthorized code or commands. The issue is rated high priority with a CVSS of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C...

8.8CVSS8AI score0.00394EPSS
CVE
CVE
added 2025/11/07 3:11 p.m.14 views

CVE-2025-57712

CVE-2025-57712 is a path traversal vulnerability affecting Qsync Central. A remote attacker who has a user account can exploit it to read contents of unexpected files or system data. The issue is fixed in Qsync Central 5.0.0.3 (2025-08-28) and later. Multiple connected sources corroborate the imp...

7.1CVSS6.4AI score0.00435EPSS
CVE
CVE
added 2026/02/11 12:16 p.m.14 views

CVE-2025-58472

CVE-2025-58472 is a NULL pointer dereference in Qsync Central. A remote attacker with administrator privileges can trigger a DoS. Affected product: Qsync Central; vulnerable component: not explicitly broken out beyond the OS software. Root cause: NULL pointer dereference (as described in multiple...

5.1CVSS5.5AI score0.00559EPSS
CVE
CVE
added 2026/02/11 12:19 p.m.13 views

CVE-2025-48722

CVE-2025-48722 describes a NULL pointer dereference in Qsync Central . If a remote attacker can obtain a user account, they can trigger a denial-of-service (DoS) against the service. Affected: Qsync Central prior to 5.0.0.4. Root cause: NULL pointer dereference leading to service disruption. Impa...

6.5CVSS5.5AI score0.00391EPSS
CVE
CVE
added 2025/10/03 6:14 p.m.13 views

CVE-2025-53595

CVE-2025-53595 concerns QNAP Qsync Central. Multiple connected sources confirm an SQL injection vulnerability in Qsync Central caused by inadequate validation of externally supplied SQL statements, allowing a remote user with an account to potentially execute unauthorized code or commands. A fixe...

8.8CVSS8AI score0.00394EPSS
CVE
CVE
added 2026/02/11 12:18 p.m.13 views

CVE-2025-54152

CVE-2025-54152 affects Qsync Central with a use of out-of-range pointer offset vulnerability. According to the reports, if a remote attacker gains a user account, they can exploit the flaw to read sensitive portions of memory. A fixed version is available: Qsync Central 5.0.0.4 (2026-01-20) and l...

6.5CVSS5.6AI score0.00373EPSS
CVE
CVE
added 2026/02/11 12:16 p.m.13 views

CVE-2025-58471

CVE-2025-58471 affects QNAP Qsync Central. The issue is an allocation of resources without limits or throttling, which an admin-authenticated remote attacker could exploit to cause a denial of service by preventing other systems, applications, or processes from accessing the same type of resource...

5.1CVSS5.6AI score0.00469EPSS
CVE
CVE
added 2025/10/03 6:8 p.m.12 views

CVE-2025-33040

Summary of CVE-2025-33040 (Qsync Central) : The vulnerability is an allocation of resources without limits/throttling affecting Qsync Central. A remote attacker who can obtain a user account could exploit this to exhaust resources and prevent other systems, applications, or processes from accessi...

7.1CVSS6.5AI score0.0034EPSS
CVE
CVE
added 2025/10/03 6:9 p.m.12 views

CVE-2025-44008

CVE-2025-44008 describes a NULL pointer dereference in QNAP Qsync Central. The vulnerability allows a remote attacker with a user account to trigger a denial-of-service (DoS). Affected software appears to be Qsync Central prior to version 5.0.0.1. The issue has been fixed in Qsync Central 5.0.0.1...

6.5CVSS6.5AI score0.00419EPSS
CVE
CVE
added 2025/10/03 6:9 p.m.12 views

CVE-2025-44010

CVE-2025-44010 describes a NULL pointer dereference in Qsync Central that can be triggered by a remote attacker who has a user account, potentially leading to a denial-of-service (DoS). Affected software is Qsync Central, specifically versions prior to 5.0.0.1. The issue’s root cause is a NULL po...

6.5CVSS6.5AI score0.00419EPSS
CVE
CVE
added 2025/10/03 6:9 p.m.12 views

CVE-2025-44012

CVE-2025-44012 affects QNAP Qsync Central. The root cause is an allocation of resources without limits or throttling, allowing a remote attacker with a valid user account to exhaust resources and block access for other systems, applications, or processes. Affected are Qsync Central versions prior...

7.1CVSS6.5AI score0.0046EPSS
CVE
CVE
added 2026/02/11 12:18 p.m.12 views

CVE-2025-52870

CVE-2025-52870 is a buffer‑overflow vulnerability in Qsync Central. The issue allows a remote attacker who has a user account to exploit memory corruption or crash processes. Public details identify the affected software as Qsync Central, with the root cause described as a buffer overflow. remedi...

8.1CVSS5.9AI score0.00378EPSS
CVE
CVE
added 2026/02/11 12:18 p.m.12 views

CVE-2025-54147

CVE-2025-54147 affects Qsync Central via a NULL pointer dereference that can be triggered remotely after an attacker gains a user account, enabling a DoS. Impact: availability loss with no confidentiality/integrity impact per the published metrics. Remediation: fixed in Qsync Central 5.0.0.4 (202...

6.5CVSS5.5AI score0.00391EPSS
CVE
CVE
added 2026/02/11 12:18 p.m.12 views

CVE-2025-54149

CVE-2025-54149 affects Qsync Central and is an uncontrolled resource consumption vulnerability leading to a DoS. The issue is exploitable by a local attacker who has a user account, exploiting the vulnerability to exhaust resources. A fixed version is available: Qsync Central 5.0.0.4 (released 20...

7.1CVSS5.5AI score0.00242EPSS
CVE
CVE
added 2026/02/11 12:18 p.m.12 views

CVE-2025-54151

CVE-2025-54151 affects Qnap Qsync Central. An Uncontrolled Resource Consumption vulnerability can be exploited by a local user account to launch a denial-of-service. The issue is reachable over the network (attack vector: NETWORK) with low privileges required and no user interaction. The impact i...

7.1CVSS5.5AI score0.00242EPSS
CVE
CVE
added 2026/02/11 12:17 p.m.12 views

CVE-2025-57708

CVE-2025-57708 is an allocation of resources without limits or throttling affecting Qsync Central . The root cause is resource exhaustion that can be triggered when a remote attacker gains a user account, enabling them to prevent other systems, applications, or processes from accessing the same t...

6.5CVSS5.6AI score0.00448EPSS
CVE
CVE
added 2026/02/11 12:17 p.m.12 views

CVE-2025-57709

The CVE-2025-57709 issue affects Qsync Central. A buffer overflow in Qsync Central (prior to version 5.0.0.4) can allow a remote attacker with a valid user account to modify memory or crash processes. The fixed version is Qsync Central 5.0.0.4 (2026-01-20) and later. Affected scope includes Qsync...

8.1CVSS5.9AI score0.00546EPSS
CVE
CVE
added 2026/02/11 12:17 p.m.12 views

CVE-2025-57711

CVE-2025-57711 affects Qnap Qsync Central and describes an allocation of resources without limits or throttling. The vulnerability is exploitable remotely by an attacker who already has an administrator account, allowing them to disrupt access to the same type of resource for other systems, appli...

6.9CVSS5.6AI score0.00469EPSS
Total number of security vulnerabilities62