Qts Security Vulnerabilities and Issues — Page 3 of Qts CVE List

Lucene search

QnapQts

154 matches found

CVE•added 2024/02/02 4:15 p.m.•43 views

CVE-2023-39302

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions:QTS 5.1.3.2578 buil...

7.2CVSS8.5AI score0.00093EPSS

CVE•added 2024/09/06 5:15 p.m.•43 views

CVE-2023-51367

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions:QTS 5.1.6.2722 build 2024...

8.8CVSS6.6AI score0.00422EPSS

CVE•added 2024/09/06 5:15 p.m.•42 views

CVE-2023-34979

7.2CVSS6.9AI score0.0029EPSS

CVE•added 2024/04/26 3:15 p.m.•42 views

CVE-2023-50363

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions:QTS 5....

8.1CVSS7.2AI score0.00017EPSS

CVE•added 2018/11/27 9:0 p.m.•41 views

CVE-2018-0719

Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions ...

5.5CVSS5.4AI score0.00226EPSS

CVE•added 2019/12/04 5:16 p.m.•41 views

CVE-2019-7197

A stored cross-site scripting (XSS) vulnerability has been reported to affect multiple versions of QTS. If exploited, this vulnerability may allow an attacker to inject and execute scripts on the administrator console. To fix this vulnerability, QNAP recommend updating QTS to the latest version.

4.8CVSS4.9AI score0.0031EPSS

CVE•added 2015/10/16 1:59 a.m.•40 views

CVE-2015-6003

Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

9.3CVSS7AI score0.02509EPSS

CVE•added 2017/12/21 3:29 p.m.•40 views

CVE-2017-17031

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.

9.8CVSS9.9AI score0.03236EPSS

CVE•added 2018/03/27 9:29 p.m.•40 views

CVE-2017-7631

Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6.1AI score0.0025EPSS

CVE•added 2018/11/30 2:29 p.m.•40 views

CVE-2018-0716

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application.

6.1CVSS6.2AI score0.00272EPSS

CVE•added 2024/09/06 5:15 p.m.•40 views

CVE-2023-39298

A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.QuTScloud, is not affe...

7.8CVSS7.4AI score0.00025EPSS

CVE•added 2024/02/02 4:15 p.m.•40 views

CVE-2023-41275

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:QT...

7.2CVSS7.2AI score0.00048EPSS

CVE•added 2024/01/05 5:15 p.m.•40 views

CVE-2023-45042

7.2CVSS7AI score0.00081EPSS

CVE•added 2024/09/06 5:15 p.m.•40 views

CVE-2023-51368

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions:QTS 5.1.6.2722 b...

6.5CVSS5.6AI score0.00184EPSS

CVE•added 2018/06/21 1:29 p.m.•39 views

CVE-2017-13072

Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.

6.1CVSS6AI score0.00272EPSS

CVE•added 2023/12/08 4:15 p.m.•39 views

CVE-2023-23372

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 an...

6.5CVSS5.9AI score0.00294EPSS

CVE•added 2018/03/27 9:29 p.m.•38 views

CVE-2017-7632

Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6AI score0.0025EPSS

CVE•added 2024/02/02 4:15 p.m.•38 views

CVE-2023-41273

A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:QTS 5.1.2.2533 bui...

7.2CVSS7.1AI score0.00051EPSS

CVE•added 2018/03/27 9:29 p.m.•37 views

CVE-2017-7630

QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi.

5.3CVSS5AI score0.0023EPSS

CVE•added 2019/12/04 5:16 p.m.•37 views

CVE-2018-0730

This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.

9.8CVSS9.7AI score0.01203EPSS

CVE•added 2024/02/02 4:15 p.m.•37 views

CVE-2023-45026

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in th...

5.5CVSS5.6AI score0.00057EPSS

CVE•added 2024/02/02 4:15 p.m.•37 views

CVE-2023-45027

5.5CVSS5.6AI score0.00057EPSS

CVE•added 2014/01/09 6:7 p.m.•36 views

CVE-2013-7174

Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter.

7.8CVSS6.8AI score0.00527EPSS

CVE•added 2016/07/03 2:59 p.m.•36 views

CVE-2015-5664

Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS6AI score0.00309EPSS

CVE•added 2024/02/02 4:15 p.m.•36 views

CVE-2023-39297

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions:QTS 5.1.4.2596 build 2023112...

8.8CVSS9.3AI score0.00301EPSS

CVE•added 2024/02/02 4:15 p.m.•35 views

CVE-2023-39303

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions:QTS 5.1.3.2578 bui...

9.8CVSS9.3AI score0.00256EPSS

CVE•added 2024/02/02 4:15 p.m.•35 views

CVE-2023-41281

7.2CVSS7.4AI score0.00092EPSS

CVE•added 2024/02/02 4:15 p.m.•35 views

CVE-2023-45028

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the fo...

5.5CVSS4.9AI score0.00035EPSS

CVE•added 2023/10/06 5:15 p.m.•34 views

CVE-2023-32972

7.2CVSS5.7AI score0.00081EPSS

CVE•added 2023/11/03 5:15 p.m.•34 views

CVE-2023-39301

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions:QTS 5.0.1....

4.3CVSS4.2AI score0.00195EPSS

CVE•added 2024/02/02 4:15 p.m.•34 views

CVE-2023-41277

7.2CVSS7.2AI score0.00043EPSS

CVE•added 2024/01/05 5:15 p.m.•34 views

CVE-2023-45040

7.2CVSS7AI score0.00081EPSS

CVE•added 2024/02/02 4:15 p.m.•34 views

CVE-2023-47568

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions:QTS 5.1.5.2645 build 20240116 a...

8.8CVSS8.7AI score0.00113EPSS

CVE•added 2018/11/28 4:29 p.m.•33 views

CVE-2018-14747

NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.

7.5CVSS7.9AI score0.006EPSS

CVE•added 2018/11/28 4:29 p.m.•33 views

CVE-2018-14748

Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS.

7.8CVSS7.9AI score0.00622EPSS

CVE•added 2021/06/24 7:15 a.m.•33 views

CVE-2021-28800

A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.3.6.1663 Build 20210504;...

9.8CVSS9.4AI score0.00784EPSS

CVE•added 2024/01/05 5:15 p.m.•33 views

CVE-2023-45043

7.2CVSS7AI score0.00081EPSS

CVE•added 2024/02/02 4:15 p.m.•31 views

CVE-2023-41283

7.2CVSS7.4AI score0.00107EPSS

CVE•added 2024/02/02 4:15 p.m.•31 views

CVE-2023-45035

7.2CVSS7.2AI score0.00081EPSS

CVE•added 2024/02/02 4:15 p.m.•30 views

CVE-2023-41292

7.2CVSS7.2AI score0.00081EPSS

CVE•added 2024/01/05 5:15 p.m.•30 views

CVE-2023-45041

7.2CVSS7AI score0.00081EPSS

CVE•added 2024/02/02 4:15 p.m.•30 views

CVE-2023-47566

7.2CVSS7.4AI score0.00106EPSS

CVE•added 2024/02/02 4:15 p.m.•29 views

CVE-2023-50359

An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors....

6.7CVSS6.4AI score0.00025EPSS

CVE•added 2023/12/08 4:15 p.m.•28 views

CVE-2023-32975

7.2CVSS6.1AI score0.0007EPSS

CVE•added 2024/02/02 4:15 p.m.•28 views

CVE-2023-41274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following ve...

5.5CVSS5.8AI score0.00047EPSS

CVE•added 2024/02/02 4:15 p.m.•28 views

CVE-2023-41278

7.2CVSS7.2AI score0.00061EPSS

CVE•added 2024/02/02 4:15 p.m.•28 views

CVE-2023-45036

7.2CVSS7.2AI score0.00081EPSS

CVE•added 2024/02/02 4:15 p.m.•27 views

CVE-2023-41276

7.2CVSS7.2AI score0.00048EPSS

CVE•added 2024/02/02 4:15 p.m.•27 views

CVE-2023-41280

7.2CVSS7.2AI score0.00061EPSS

CVE•added 2024/02/02 4:15 p.m.•26 views

CVE-2023-32967

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerabil...

6.5CVSS6.5AI score0.00035EPSS

Total number of security vulnerabilities154