Qts Security Vulnerabilities and Issues — Qts CVE List

Lucene search

QnapQts

48 matches found

CVE•added 2023/03/29 5:15 a.m.•92 views

CVE-2023-23355

An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.QES is not affected. We have already fixed the vulnerability in the following ver...

7.2CVSS6.9AI score0.0033EPSS

CVE•added 2017/03/23 4:59 p.m.•57 views

CVE-2017-5227

QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.

7.5CVSS7.2AI score0.17977EPSS

CVE•added 2023/11/10 3:15 p.m.•57 views

CVE-2023-23367

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions:QTS 5.0.1.2376 buil...

7.2CVSS6.1AI score0.00163EPSS

CVE•added 2024/01/05 5:15 p.m.•57 views

CVE-2023-39294

7.2CVSS7.8AI score0.00125EPSS

CVE•added 2024/09/06 5:15 p.m.•56 views

CVE-2023-39300

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions:QTS 4.3.6.2805 build 20240619 and laterQTS 4.3....

7.2CVSS7.2AI score0.00236EPSS

CVE•added 2020/11/16 1:15 a.m.•54 views

CVE-2020-2490

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.

7.2CVSS7.3AI score0.02307EPSS

CVE•added 2020/11/16 1:15 a.m.•53 views

CVE-2020-2492

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.

7.2CVSS7.3AI score0.02622EPSS

CVE•added 2020/12/31 5:15 p.m.•52 views

CVE-2018-19944

A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 bu...

7.5CVSS7.5AI score0.00146EPSS

CVE•added 2021/09/10 4:15 a.m.•52 views

CVE-2021-34343

A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.17...

7.2CVSS7.2AI score0.00667EPSS

CVE•added 2024/01/05 5:15 p.m.•52 views

CVE-2023-45039

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:QT...

7.2CVSS7AI score0.00081EPSS

CVE•added 2020/12/31 5:15 p.m.•51 views

CVE-2018-19941

A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build...

7.5CVSS7.3AI score0.00151EPSS

CVE•added 2023/12/08 4:15 p.m.•50 views

CVE-2023-32968

7.2CVSS5.9AI score0.00062EPSS

CVE•added 2024/02/02 4:15 p.m.•50 views

CVE-2023-47567

7.2CVSS8AI score0.00093EPSS

CVE•added 2023/10/06 5:15 p.m.•49 views

CVE-2023-32971

7.2CVSS5.7AI score0.00081EPSS

CVE•added 2021/01/11 3:15 p.m.•48 views

CVE-2020-2508

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and lat...

7.2CVSS7.5AI score0.01945EPSS

CVE•added 2024/09/06 5:15 p.m.•48 views

CVE-2024-38641

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions:QTS 5.1.8.2823 bui...

7.8CVSS7.8AI score0.00183EPSS

CVE•added 2023/10/13 8:15 p.m.•47 views

CVE-2023-32974

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:QT...

7.5CVSS7.2AI score0.00305EPSS

CVE•added 2017/06/15 8:29 p.m.•46 views

CVE-2017-7629

QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.

7.5CVSS8.1AI score0.00284EPSS

CVE•added 2024/01/05 5:15 p.m.•45 views

CVE-2023-39296

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the vulnera...

7.5CVSS8.4AI score0.00361EPSS

CVE•added 2023/10/13 8:15 p.m.•44 views

CVE-2023-32973

7.2CVSS5.7AI score0.00081EPSS

CVE•added 2024/02/02 4:15 p.m.•43 views

CVE-2023-39302

7.2CVSS8.5AI score0.00093EPSS

CVE•added 2024/09/06 5:15 p.m.•42 views

CVE-2023-34979

7.2CVSS6.9AI score0.0029EPSS

CVE•added 2024/09/06 5:15 p.m.•40 views

CVE-2023-39298

A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.QuTScloud, is not affe...

7.8CVSS7.4AI score0.00025EPSS

CVE•added 2024/02/02 4:15 p.m.•40 views

CVE-2023-41275

7.2CVSS7.2AI score0.00048EPSS

CVE•added 2024/01/05 5:15 p.m.•40 views

CVE-2023-45042

7.2CVSS7AI score0.00081EPSS

CVE•added 2024/02/02 4:15 p.m.•38 views

CVE-2023-41273

A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:QTS 5.1.2.2533 bui...

7.2CVSS7.1AI score0.00051EPSS

CVE•added 2014/01/09 6:7 p.m.•36 views

CVE-2013-7174

Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter.

7.8CVSS6.8AI score0.00527EPSS

CVE•added 2024/02/02 4:15 p.m.•35 views

CVE-2023-41281

7.2CVSS7.4AI score0.00092EPSS

CVE•added 2023/10/06 5:15 p.m.•34 views

CVE-2023-32972

7.2CVSS5.7AI score0.00081EPSS

CVE•added 2024/02/02 4:15 p.m.•34 views

CVE-2023-41277

7.2CVSS7.2AI score0.00043EPSS

CVE•added 2024/01/05 5:15 p.m.•34 views

CVE-2023-45040

7.2CVSS7AI score0.00081EPSS

CVE•added 2018/11/28 4:29 p.m.•33 views

CVE-2018-14747

NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.

7.5CVSS7.9AI score0.006EPSS

CVE•added 2018/11/28 4:29 p.m.•33 views

CVE-2018-14748

Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS.

7.8CVSS7.9AI score0.00622EPSS

CVE•added 2024/01/05 5:15 p.m.•33 views

CVE-2023-45043

7.2CVSS7AI score0.00081EPSS

CVE•added 2024/02/02 4:15 p.m.•31 views

CVE-2023-41283

7.2CVSS7.4AI score0.00107EPSS

CVE•added 2024/02/02 4:15 p.m.•31 views

CVE-2023-45035

7.2CVSS7.2AI score0.00081EPSS

CVE•added 2024/02/02 4:15 p.m.•30 views

CVE-2023-41292