62 matches found
CVE-2024-50404
CVE-2024-50404 affects Qsync Central. A symlink/ZIP upload flaw allows a user with upload privileges to traverse the file system and disclose or modify sensitive targets (e.g., /etc/passwd, /etc/shadow) by uploading a ZIP containing a symlink to a protected path. Affected versions are Qsync Centr...
CVE-2025-22482
CVE-2025-22482 affects QNAP Qsync Central. A use of externally-controlled format string vulnerability could allow remote attackers who gain user access to obtain secret data or modify memory. The affected product is Qsync Central; vulnerable component is the formatting operation exposed to extern...
CVE-2025-29892
CVE-2025-29892 concerns QNAP Qsync Central, where an SQL injection vulnerability could allow remote attackers with user access to execute unauthorized code or commands. Public details across sources confirm the issue originates from insufficient validation of externally entered SQL statements in ...
CVE-2023-47564
CVE-2023-47564 affects Qsync Central, caused by an incorrect permission assignment for a critical resource. If exploited, authenticated users could read or modify the resource over the network. Fixed in Qsync Central 4.4.0.15+ (2024/01/04) and 4.3.0.11+ (2024/01/11+). Remediation: upgrade to 4.4....
CVE-2025-29893
The CVE-2025-29893 issue affects QNAP Qsync Central and is caused by an SQL injection vulnerability from lack of validation of externally entered SQL statements. A remote attacker who has a user account could exploit this to execute unauthorized code or commands. The vulnerability is rated HIGH (...
CVE-2025-30261
CVE-2025-30261 affects QNAP Qsync Central. The vulnerability is an unlimited resource allocation issue in which a user account could be abused to exhaust resources, denying access to other systems/applications/processes. Documented impact is availability impact (high) with limited/no integrity/co...
CVE-2025-33033
CVE-2025-33033 affects QNAP Qsync Central. A path traversal vulnerability allows a remote attacker who has a user account to read unexpected files or system data. The issue is fixed in Qsync Central 4.5.0.7 and later (patch released around 2025-04-23). Affected versions prior to 4.5.0.7 should be...
CVE-2025-52868
CVE-2025-52868 is a buffer overflow in Qsync Central. The issue allows a remote attacker who has a user account to modify memory or crash processes. A fix is available in Qsync Central 5.0.0.4 (2026-01-20) and later; users should upgrade to receive mitigation. The connected sources corroborate th...
CVE-2025-30275
CVE-2025-30275 – QNAP Qsync Central : A NULL pointer dereference vulnerability in Qsync Central could be triggered by an attacker who already has a user account, enabling a denial-of-service (DoS). Affected product: Qsync Central (version(s) prior to 4.5.0.7). Root cause: NULL pointer dereference...
CVE-2025-29898
CVE-2025-29898 affects QNAP Qsync Central. Affected component: Qsync Central software. Vulnerability: uncontrolled resource consumption that enables a remote attacker who has a user account to trigger a denial-of-service (DoS). Impact per reported metrics includes high availability impact with ne...
CVE-2025-30260
CVE-2025-30260 affects QNAP Qsync Central. The issue is an allocation of resources without limits or throttling in Qsync Central that can, if an attacker obtains a user account, prevent other systems, applications, or processes from accessing the same resources. Public details indicate the vulner...
CVE-2025-30263
CVE-2025-30263 describes a NULL pointer dereference in QNAP Qsync Central . The flaw can be triggered when a remote attacker, after obtaining a user account, exploits the condition to cause a denial-of-service. Affected component is the Qsync Central service; the underlying impact stated is avail...
CVE-2025-30277
CVE-2025-30277 is an improper certificate validation vulnerability in QNAP Qsync Central . A remote attacker who already has a user account can exploit this to compromise system security. Affected software: Qsync Central versions prior to 4.5.0.7 . Root cause: improper certificate validation in t...
CVE-2025-33036
CVE-2025-33036 is a path traversal vulnerability affecting QNAP Qsync Central. The issue allows an authenticated attacker to read arbitrary files or system data due to improper handling of file paths. The CVE is fixed in Qsync Central 4.5.0.7 and later (released 2025-04-23). Practical impact is d...
CVE-2025-33038
CVE-2025-33038 is a path-traversal vulnerability in QNAP’s Qsync Central . Prior to version 4.5.0.7 , authenticated remote users could read unexpected files or system data due to the flaw. In fixed versions (4.5.0.7 and later), the issue has been remediated. Attack is network-based with low privi...
CVE-2025-48724
The vulnerability CVE-2025-48724 affects QNAP Qsync Central. A buffer overflow could be triggered after an attacker gains a valid user account, allowing memory modification or process crashes (details in linked advisories). Impact is described as high for integrity and availability in the NVD met...
CVE-2025-29894
CVE-2025-29894 affects QNAP Qsync Central. The vulnerability is an SQL injection in Qsync Central that can be exploited by an authenticated remote attacker to execute unauthorized commands. The issue is addressed in Qsync Central 4.5.0.7 and later. Affected component: Qsync Central (private cloud...
CVE-2025-30278
CVE-2025-30278 affects Qsync Central. The vulnerability is an improper certificate validation in Qsync Central prior to 4.5.0.7, allowing a remote attacker who has a user account to compromise system security. Fixed in Qsync Central 4.5.0.7 and later (2025/04/23). CVSS details in the sources show...
CVE-2025-33037
Affects Qsync Central . Description: a path traversal vulnerability that could allow a remote attacker with a current user account to read files or system data. The issue is classified as a network-based vulnerability with low privileges required and no user interaction, leading to potential disc...
CVE-2025-54148
CVE-2025-54148 affects Qsync Central and involves a NULL pointer dereference that can be exploited to trigger a denial-of-service when an attacker with a valid user account connects remotely. The vulnerability is reported to be reachable over the network (attack vector: network) and, according to...
CVE-2025-57710
The CVE-2025-57710 issue affects Qsync Central and is a resource-allocation vulnerability with no throttling. A remote attacker who has an administrator account can exhaust resources, potentially blocking other systems, applications, or processes from accessing the same resource. The root cause i...
CVE-2025-30262
CVE-2025-30262 affects QNAP Qsync Central. A NULL pointer dereference vulnerability exists in the product, exploitable by a remote attacker who has a valid user account to cause a denial-of-service. Affected software is Qsync Central, with fixes available in version 5.0.0.0 and later (fixed June ...
CVE-2025-30276
CVE-2025-30276 is an out-of-bounds write vulnerability affecting QNAP’s Qsync Central . The issue can be exploited by an attacker who already has a remote user account to modify or corrupt memory, with a network attack vector , and requires no user interaction . The vulnerability’s impact is high...
CVE-2025-52867
CVE-2025-52867 affects QNAP Qsync Central. An uncontrolled resource consumption vulnerability can be exploited by a remote attacker who gains a user account to cause a denial-of-service (DoS). The issue is addressed in Qsync Central 5.0.0.2 and later. Connected sources (CNVD/CNNVD/NVD) describe t...
CVE-2025-58467
CVE-2025-58467 concerns a relative path traversal in Qsync Central. The vulnerability could allow a logged-in attacker to read unexpected files or system data once they obtain a user account. A fix is available in Qsync Central 5.0.0.4 and later (dated 2026-01-20). Metrics indicate a CVSSv4 base ...
CVE-2025-30266
The CVE-2025-30266 entry describes a NULL pointer dereference in Qsync Central that could allow a remote attacker with a user account to cause a denial-of-service. Concrete details across connected sources identify Qsync Central as the affected product, with the root cause listed as a NULL pointe...
CVE-2025-52869
CVE-2025-52869 affects Qsync Central. A buffer overflow vulnerability allows a remote, authenticated attacker to modify memory or crash processes. Impact is linked to Qsync Central prior to 5.0.0.4; mitigation is to upgrade to 5.0.0.4 or later. The provided documents confirm the existence, affect...
CVE-2025-54146
CVE-2025-54146 affects Qsync Central. A NULL pointer dereference allows a remote attacker who has a user account to trigger a denial-of-service (DoS). The issue is mitigated by upgrading to Qsync Central 5.0.0.4 (released 2026-01-20) or later. According to the provided metrics, this CVE has a CVS...
CVE-2025-44007
CVE-2025-44007 affects QNAP Qsync Central. The issue is an unrestricted resource allocation vulnerability where a user-account–authenticated remote attacker can exhaust resources and block access for other systems, applications, or processes. A fix is available in Qsync Central 5.0.0.1 and later ...
CVE-2025-47209
CVE-2025-47209 : A NULL pointer dereference affects Qsync Central . If a remote attacker gains a user account , they can trigger a DoS . The issue is fixed in Qsync Central 5.0.0.4 (2026-01-20) and later; CVSS-like metrics indicate low privileges and network access with no user interaction. Explo...
CVE-2025-48723
CVE-2025-48723 describes a buffer overflow in Qsync Central. A remote attacker who has a user account can exploit this vulnerability to modify memory or crash processes. A fixed version is available: Qsync Central 5.0.0.4 and later (2026-01-20). Affected products are Qsync Central versions prior ...
CVE-2025-54150
CVE-2025-54150 affects QNAP Qsync Central. It is an uncontrolled resource consumption vulnerability that allows a local attacker with a user account to trigger a denial-of-service (DoS). The issue has been fixed in Qsync Central 5.0.0.4 (2026-01-20) and later. CVSS metrics are provided, but explo...
CVE-2025-54153
CVE-2025-54153 describes an SQL injection vulnerability in QNAP Qsync Central . According to multiple sources, a remote attacker who already has a user account can exploit this to execute unauthorized code or commands. The issue is rated high priority with a CVSS of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C...
CVE-2025-57712
CVE-2025-57712 is a path traversal vulnerability affecting Qsync Central. A remote attacker who has a user account can exploit it to read contents of unexpected files or system data. The issue is fixed in Qsync Central 5.0.0.3 (2025-08-28) and later. Multiple connected sources corroborate the imp...
CVE-2025-58472
CVE-2025-58472 is a NULL pointer dereference in Qsync Central. A remote attacker with administrator privileges can trigger a DoS. Affected product: Qsync Central; vulnerable component: not explicitly broken out beyond the OS software. Root cause: NULL pointer dereference (as described in multiple...
CVE-2025-48722
CVE-2025-48722 describes a NULL pointer dereference in Qsync Central . If a remote attacker can obtain a user account, they can trigger a denial-of-service (DoS) against the service. Affected: Qsync Central prior to 5.0.0.4. Root cause: NULL pointer dereference leading to service disruption. Impa...
CVE-2025-53595
CVE-2025-53595 concerns QNAP Qsync Central. Multiple connected sources confirm an SQL injection vulnerability in Qsync Central caused by inadequate validation of externally supplied SQL statements, allowing a remote user with an account to potentially execute unauthorized code or commands. A fixe...
CVE-2025-54152
CVE-2025-54152 affects Qsync Central with a use of out-of-range pointer offset vulnerability. According to the reports, if a remote attacker gains a user account, they can exploit the flaw to read sensitive portions of memory. A fixed version is available: Qsync Central 5.0.0.4 (2026-01-20) and l...
CVE-2025-58471
CVE-2025-58471 affects QNAP Qsync Central. The issue is an allocation of resources without limits or throttling, which an admin-authenticated remote attacker could exploit to cause a denial of service by preventing other systems, applications, or processes from accessing the same type of resource...
CVE-2025-33040
Summary of CVE-2025-33040 (Qsync Central) : The vulnerability is an allocation of resources without limits/throttling affecting Qsync Central. A remote attacker who can obtain a user account could exploit this to exhaust resources and prevent other systems, applications, or processes from accessi...
CVE-2025-44008
CVE-2025-44008 describes a NULL pointer dereference in QNAP Qsync Central. The vulnerability allows a remote attacker with a user account to trigger a denial-of-service (DoS). Affected software appears to be Qsync Central prior to version 5.0.0.1. The issue has been fixed in Qsync Central 5.0.0.1...
CVE-2025-44010
CVE-2025-44010 describes a NULL pointer dereference in Qsync Central that can be triggered by a remote attacker who has a user account, potentially leading to a denial-of-service (DoS). Affected software is Qsync Central, specifically versions prior to 5.0.0.1. The issue’s root cause is a NULL po...
CVE-2025-44012
CVE-2025-44012 affects QNAP Qsync Central. The root cause is an allocation of resources without limits or throttling, allowing a remote attacker with a valid user account to exhaust resources and block access for other systems, applications, or processes. Affected are Qsync Central versions prior...
CVE-2025-52870
CVE-2025-52870 is a buffer‑overflow vulnerability in Qsync Central. The issue allows a remote attacker who has a user account to exploit memory corruption or crash processes. Public details identify the affected software as Qsync Central, with the root cause described as a buffer overflow. remedi...
CVE-2025-54147
CVE-2025-54147 affects Qsync Central via a NULL pointer dereference that can be triggered remotely after an attacker gains a user account, enabling a DoS. Impact: availability loss with no confidentiality/integrity impact per the published metrics. Remediation: fixed in Qsync Central 5.0.0.4 (202...
CVE-2025-54149
CVE-2025-54149 affects Qsync Central and is an uncontrolled resource consumption vulnerability leading to a DoS. The issue is exploitable by a local attacker who has a user account, exploiting the vulnerability to exhaust resources. A fixed version is available: Qsync Central 5.0.0.4 (released 20...
CVE-2025-54151
CVE-2025-54151 affects Qnap Qsync Central. An Uncontrolled Resource Consumption vulnerability can be exploited by a local user account to launch a denial-of-service. The issue is reachable over the network (attack vector: NETWORK) with low privileges required and no user interaction. The impact i...
CVE-2025-57708
CVE-2025-57708 is an allocation of resources without limits or throttling affecting Qsync Central . The root cause is resource exhaustion that can be triggered when a remote attacker gains a user account, enabling them to prevent other systems, applications, or processes from accessing the same t...
CVE-2025-57709
The CVE-2025-57709 issue affects Qsync Central. A buffer overflow in Qsync Central (prior to version 5.0.0.4) can allow a remote attacker with a valid user account to modify memory or crash processes. The fixed version is Qsync Central 5.0.0.4 (2026-01-20) and later. Affected scope includes Qsync...
CVE-2025-57711
CVE-2025-57711 affects Qnap Qsync Central and describes an allocation of resources without limits or throttling. The vulnerability is exploitable remotely by an attacker who already has an administrator account, allowing them to disrupt access to the same type of resource for other systems, appli...