Lucene search
K
QnapQutscloud

62 matches found

CVE
CVE
added 2024/02/13 2:45 a.m.268 views

CVE-2023-50358

CVE-2023-50358 is an OS command-injection vulnerability affecting multiple QNAP OS lines, including QTS and QuTS variants. The advisory notes that, if exploited, an attacker could execute commands over the network. QNAP has fixed this vulnerability in specific releases: QTS 5.1.5.2645+ (build 202...

5.8CVSS6.4AI score0.12769EPSS
In wild
CVE
CVE
added 2023/11/03 4:34 p.m.185 views

CVE-2023-23368

CVE-2023-23368 is an OS command injection affecting QNAP QTS/QuTS systems, allowing network-based command execution. Affected products and fixed versions are documented: QTS 5.0.1.2376 build 20230421 and later; QTS 4.5.4.2374 build 20230416 and later; QuTS hero h5.0.1.2376 build 20230421 and late...

9.8CVSS9.7AI score0.18687EPSS
CVE
CVE
added 2024/02/13 2:44 a.m.150 views

CVE-2023-47218

Summary : CVE-2023-47218 is an OS command injection vulnerability affecting QNAP QTS, QuTS Hero, and QuTScloud. The flaw allows unauthenticated users on the local/network path to execute commands remotely via the affected OS components (notably the OS command injection vector reported for QTS/QuT...

8.3CVSS6.3AI score0.89157EPSS
In wildWeb
CVE
CVE
added 2024/03/08 4:17 p.m.150 views

CVE-2024-21899

CVE-2024-21899 describes an improper authentication vulnerability affecting several QNAP operating system lines (QTS and QuTS variants). The connected sources specify impact on QTS 5.1.3.2578 build 20231110 and later, QTS 4.5.4.2627 build 20231225 and later, QuTS hero h5.1.3.2578 build 20231110 a...

9.8CVSS9.4AI score0.24365EPSS
In wild
CVE
CVE
added 2022/05/05 4:50 p.m.117 views

CVE-2021-44051

CVE-2021-44051 affects QNAP NAS running QTS, QuTS hero, and QuTScloud (remote command execution via a command-injection flaw). The NVD entry lists CVSS v3.1 base score 8.8 (high) with network access, low attack complexity, and no user interaction required; impact to confidentiality, integrity, an...

8.8CVSS8.9AI score0.01588EPSS
CVE
CVE
added 2022/05/05 4:50 p.m.115 views

CVE-2021-38693

CVE-2021-38693 is a path-traversal vulnerability affecting QNAP devices running QuTScloud, QuTS hero, QTS, and QVR Pro Appliance. The issue is triggered via path traversal in thttpd, enabling read access to potentially sensitive files. Public references in the provided documents confirm remediati...

5.3CVSS5.1AI score0.00888EPSS
CVE
CVE
added 2023/03/29 4:2 a.m.113 views

CVE-2023-23355

CVE-2023-23355 is an OS command injection affecting QNAP QTS/QuTS hero/QuTScloud (QVR/QVP-related appliances). The vulnerability could allow remote authenticated administrators to execute commands via unspecified vectors; QES is not affected. Affected products and fixed versions are explicitly li...

7.2CVSS6.9AI score0.01226EPSS
CVE
CVE
added 2022/05/05 4:50 p.m.105 views

CVE-2021-44054

CVE-2021-44054: Open redirect in QNAP devices running QuTScloud, QuTS hero, and QTS. Affects QuTScloud, QuTS hero (h5.0.0.1949+; build 20220215+) and (h4.5.4.1951; build 20220218+), as well as QTS (5.0.0.1986; build 20220324+) and (4.5.4.1991; build 20220329+). Root cause described as an open red...

6.1CVSS5.2AI score0.00544EPSS
CVE
CVE
added 2022/05/05 4:50 p.m.99 views

CVE-2021-44053

CVE-2021-44053 is a cross-site scripting (XSS) vulnerability affecting QNAP devices running QTS, QuTS hero, and QuTScloud. The issue allows remote attackers to inject malicious code. Fixed in QTS 4.5.4.1991 build 20220329 and later, QTS 5.0.0.1986 build 20220324 and later, QuTS hero h5.0.0.1986 b...

6.1CVSS5.7AI score0.00706EPSS
CVE
CVE
added 2024/12/19 1:39 a.m.98 views

CVE-2022-27600

CVE-2022-27600 is an uncontrolled resource consumption vulnerability impacting several QNAP OS lines, notably QTS, QuTS hero, and QuTScloud. According to connected sources, remote attackers could cause a denial-of-service (DoS). Affected products/versions include QTS 5.0.1.2277 and later, QTS 4.5...

7.5CVSS7AI score0.00584EPSS
CVE
CVE
added 2024/03/08 4:17 p.m.95 views

CVE-2024-21900

The CVE-2024-21900 entry describes an injection vulnerability affecting several QNAP operating system versions. Authenticated users could potentially execute commands over the network due to the underlying injection flaw. Affected product families include QTS, QuTS hero, and QuTScloud. Remediatio...

6.5CVSS5.5AI score0.09409EPSS
CVE
CVE
added 2021/06/03 2:45 a.m.93 views

CVE-2021-28806

CVE-2021-28806 is a DOM-based XSS affecting QNAP NAS UI components in QTS and QuTS hero. Affected: QTS before 4.5.3.1652 Build 20210428; QuTS hero before h4.5.2.1638 Build 20210414; QuTScloud before c4.5.5.1656 Build 20210503. Not affecting QTS 4.3.6/4.3.3. Root cause: DOM-based XSS in web interf...

5.7CVSS5.3AI score0.00505EPSS
CVE
CVE
added 2021/09/10 4:0 a.m.90 views

CVE-2021-28816

CVE-2021-28816 is a stack-based buffer overflow affecting QNAP QTS, QuTScloud, and QuTS hero. The vulnerability could allow arbitrary code execution if exploited. Affected QTS/QuTS versions fixed include QTS 4.5.4.1715 build 20210630 and later, QTS 5.0.0.1716 build 20210701 and later, QTS 4.3.3.1...

8.8CVSS8.6AI score0.00928EPSS
CVE
CVE
added 2022/05/05 4:50 p.m.87 views

CVE-2021-44052

CVE-2021-44052 affects QNAP devices running QuTScloud, QuTS hero, and QTS. It is an improper link resolution before file access ("link following") vulnerability that could allow remote attackers to traverse the file system and read or overwrite files in unintended locations. Affected components a...

8.1CVSS7AI score0.01485EPSS
CVE
CVE
added 2024/04/26 3:0 p.m.83 views

CVE-2024-32766

CVE-2024-32766 is an OS command injection affecting QNAP QTS (5.1.3.2578+), QTS (4.5.4.2627+), QuTS hero (h5.1.3.2578+, h4.5.4.2626+), and QuTScloud (c5.1.5.2651+). Root cause: insufficient input sanitization allowing network-executed commands. Affected versions are listed; fixes are provided in ...

10CVSS9.6AI score0.02315EPSS
CVE
CVE
added 2021/04/16 1:10 a.m.82 views

CVE-2018-19942

CVE-2018-19942 is a cross-site scripting (XSS) vulnerability affecting earlier versions of QNAP File Station. The included sources indicate the flaw was fixed in multiple product lines and versions, including QTS 4.5.2.1566 and later, QTS 4.5.1.1456 and later, QTS 4.3.6.1446 and later, QTS 4.3.4....

6.1CVSS6AI score0.00746EPSS
CVE
CVE
added 2023/03/29 12:0 a.m.75 views

CVE-2022-27597

CVE-2022-27597 affects QNAP QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances). A out-of-bounds read vulnerability could allow remote authenticated administrators to obtain secret values. Affected components are not detailed beyond the OS families; root cause is described as an out-of-bounds...

2.7CVSS3.2AI score0.00658EPSS
CVE
CVE
added 2023/11/10 2:49 p.m.75 views

CVE-2023-23367

CVE-2023-23367 affects multiple QNAP platforms (QTS, QuTS hero, QuTScloud) with an OS command injection vulnerability that could allow authenticated administrators to execute commands over the network. Affected versions: QTS 5.0.1.2376 build 20230421 and later; QuTS hero h5.0.1.2376 build 2023042...

7.2CVSS6.1AI score0.01496EPSS
CVE
CVE
added 2024/02/02 4:5 p.m.73 views

CVE-2023-45025

CVE-2023-45025 is an OS command injection affecting QNAP QTS and QuTS Hero/QS Cloud products. Affected versions include QTS 5.1.4.2596+ (build 20231128+), QTS 4.5.4.2627+ (build 20231225+), QuTS Hero h5.1.4.2596+ (build 20231128+), QuTS Hero h4.5.4.2626+ (build 20231225+), and QuTScloud c5.1.5.26...

9.8CVSS9.7AI score0.01128EPSS
CVE
CVE
added 2023/03/29 12:0 a.m.72 views

CVE-2022-27598

CVE-2022-27598 affects QNAP QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances). It is an out-of-bounds read that could allow remote authenticated administrators to obtain secret values. Fixed in QTS 5.0.1.2346 build 20230322+ and QuTS hero h5.0.1.2348 build 20230324+. Connected sources confi...

2.7CVSS3.2AI score0.00658EPSS
CVE
CVE
added 2023/10/06 4:36 p.m.71 views

CVE-2023-32971

Summary: CVE-2023-32971 is a buffer copy without input size checking that affects multiple QNAP OS releases. Affected products/areas: QTS and QuTS hero/QuTScloud family (QTS 5.0.1.2425+, QTS 5.1.0.2444+, QTS 4.5.4.2467+, QuTS hero h5.0.1.2515+, h5.1.0.2424+, h4.5.4.2476+, QuTScloud c5.1.0.2498+)....

7.2CVSS5.7AI score0.00547EPSS
CVE
CVE
added 2022/01/07 1:15 a.m.70 views

CVE-2021-38674

CVE-2021-38674 is an XSS vulnerability affecting QTS, QuTS hero, and QuTScloud. Publicly documented vulnerable components include the QTS/QTS hero/QuTScloud web interfaces, with remote attacker exploitation enabling injection of malicious code. The NVD/NVD-derived entries list fixes in QTS 4.5.4....

6.1CVSS5.1AI score0.00636EPSS
CVE
CVE
added 2024/03/08 4:17 p.m.69 views

CVE-2023-32969

Summary (CVE-2023-32969) A cross-site scripting (XSS) vulnerability affects QNAP’s Network & Virtual Switch across multiple product lines (QuTScloud, QTS, QuTS hero). The issue allows authenticated administrators to inject malicious code via a network. Affected/fixed versions: QuTScloud c5.1.5.26...

4.9CVSS4.7AI score0.00333EPSS
CVE
CVE
added 2021/09/10 4:0 a.m.68 views

CVE-2021-34343

CVE-2021-34343 describes a stack buffer overflow affecting QNAP devices running QTS, QuTScloud, and QuTS hero . The vulnerability could allow an attacker to execute arbitrary code. Affected releases have been fixed in: QTS 4.5.4.1715 build 20210630 and later , QTS 5.0.0.1716 build 20210701 and la...

7.2CVSS7.2AI score0.0195EPSS
CVE
CVE
added 2024/04/26 3:0 p.m.68 views

CVE-2024-27124

CVE-2024-27124 is an OS command injection vulnerability affecting QNAP QTS, QuTS hero, and QuTScloud. Exploitation could allow an attacker to execute arbitrary commands over the network, with no required privileges and user interaction needed. The issue has been fixed in: QTS 5.1.3.2578+ (build 2...

7.5CVSS7.8AI score0.01436EPSS
CVE
CVE
added 2024/02/02 4:6 p.m.67 views

CVE-2023-47567

CVE-2023-47567 is an OS command injection affecting multiple QNAP OS lines. The vulnerability could allow authenticated administrators to execute commands over the network. Public artifacts list fixes in specific releases: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and...

7.2CVSS8AI score0.01108EPSS
CVE
CVE
added 2023/10/13 7:16 p.m.66 views

CVE-2023-32974

CVE-2023-32974 is a path traversal vulnerability affecting QNAP QTS, QuTS hero, and QuTScloud. The issue could allow reading content from unexpected files and exposing sensitive data over the network. Affected versions have been fixed in QTS 5.1.0.2444+ (build 20230629+), QuTS hero h5.1.0.2424+ (...

7.5CVSS7.2AI score0.0061EPSS
CVE
CVE
added 2020/12/31 4:33 p.m.64 views

CVE-2018-19941

CVE-2018-19941 affects QNAP NAS devices, enabling an attacker to read sensitive information stored in cleartext cookies. Concrete details in connected sources show the affected products and fixed versions: QTS 4.5.1.1456 build 20201015 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later)...

7.5CVSS7.3AI score0.00658EPSS
CVE
CVE
added 2023/09/22 3:27 a.m.64 views

CVE-2023-23362

CVE-2023-23362 is an OS command injection affecting QNAP QTS, QuTS Hero, QuTScloud. The issue allows remote authenticated users to execute commands via vulnerable QNAP devices. Public disclosures in the provided sources confirm the vulnerability and list fixed versions: QTS 5.0.1.2376 build 20230...

8.8CVSS8.8AI score0.01219EPSS
CVE
CVE
added 2024/04/26 3:1 p.m.64 views

CVE-2023-51364

A path traversal vulnerability (CVE-2023-51364) affects several QNAP operating systems and could allow reading contents of unintended files and exposing sensitive data over a network. Affected products/versions include QTS 5.1.4.2596 build 20231128 and later; QTS 4.5.4.2627 build 20231225 and lat...

8.7CVSS8.2AI score0.4158EPSS
CVE
CVE
added 2023/10/13 7:16 p.m.62 views

CVE-2023-32970

CVE-2023-32970 is a NULL pointer dereference vulnerability affecting several QNAP OS lines. The issue allows authenticated administrators to cause a denial-of-service over the network; QES is not affected. Fixed in: QuTS hero h5.0.1.2515+ (build 20230907+), h5.1.0.2453+ (build 20230708+), h4.5.4....

4.9CVSS5.1AI score0.00501EPSS
CVE
CVE
added 2024/04/26 3:1 p.m.62 views

CVE-2024-21905

CVE-2024-21905 is an integer overflow/wraparound vulnerability affecting QNAP QTS, QuTS Hero, and QuTScloud. The issue could allow an attacker to compromise the system remotely over the network. Affected/confirmed versions include QTS 5.1.3.2578 build 20231110 and later, QuTS Hero h5.1.3.2578 bui...

8.2CVSS7AI score0.00456EPSS
CVE
CVE
added 2023/10/13 7:16 p.m.61 views

CVE-2023-32973

CVE-2023-32973 (QNAP) arises from a buffer copy without input size checking, allowing authenticated administrators to execute code over the network. Documented impact affects multiple QNAP OS lines, with fixed versions listed: QTS 5.0.1.2425+ (build 20230609+), QTS 5.1.0.2444+ (build 20230629+), ...

7.2CVSS5.7AI score0.00547EPSS
CVE
CVE
added 2024/04/26 3:1 p.m.60 views

CVE-2023-51365

CVE-2023-51365 is a path traversal vulnerability in QNAP QTS/QTS Hero/QTScloud products. The issue could allow an attacker to read sensitive files over the network. Fixed in QTS 5.1.4.2596+ (build 20231128), QTS 4.5.4.2627+ (build 20231225), QuTS hero h5.1.3.2578+ (build 20231110), QuTS hero h4.5...

8.7CVSS8.2AI score0.34818EPSS
CVE
CVE
added 2024/02/02 4:3 p.m.59 views

CVE-2023-41273

CVE-2023-41273 is a heap-based buffer overflow affecting several QNAP OS lines (QTS, QuTS hero, QuTScloud). The vulnerability allows an authenticated administrator to execute code over the network. Affected/fixed versions include QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 buil...

7.2CVSS7.1AI score0.00555EPSS
CVE
CVE
added 2021/09/10 4:0 a.m.58 views

CVE-2018-19957

CVE-2018-19957 concerns insufficient HTTP security headers in QNAP QTS, QuTS hero, and QuTScloud. The vulnerability affects QNAP NAS platforms running QTS, QuTS hero, and QuTScloud, enabling remote attackers to launch privacy/security attacks. The issue has been addressed by explicit fixes: QTS 4...

6.1CVSS6.3AI score0.00707EPSS
CVE
CVE
added 2024/02/02 4:3 p.m.58 views

CVE-2023-39302

CVE-2023-39302 is an OS command injection vulnerability in several QNAP OS versions. Affected products include QTS, QuTS hero, and QuTScloud. The root cause is command execution via the network by an authenticated administrator. Impact is described as high in CVSS terms; exploitation requires net...

7.2CVSS8.5AI score0.01073EPSS
CVE
CVE
added 2024/02/02 4:4 p.m.58 views

CVE-2023-41275

CVE-2023-41275 describes a buffer-copy vulnerability in QNAP OSes that allows an authenticated administrator to execute code over the network due to input size mischecking. Affected products include QTS (versions prior to 5.1.2.2533), QuTS hero, and QuTScloud. The underlying root cause is a buffe...

7.2CVSS7.2AI score0.00547EPSS
CVE
CVE
added 2024/02/02 4:6 p.m.58 views

CVE-2023-47568

CVE-2023-47568 is a SQL injection vulnerability reported for several QNAP OS lines (QTS, QTS Hero, QuTS, QuTScloud). The issue allows an authenticated user to inject malicious code via a network, indicating a server-side injection in affected components exposed to network input. The vulnerability...

8.8CVSS8.7AI score0.00535EPSS
CVE
CVE
added 2024/02/02 4:5 p.m.56 views

CVE-2023-45026

CVE-2023-45026 is a path traversal vulnerability reported to affect several QNAP OS lines (QTS, QuTS Hero, QuTScloud). The issue could allow authenticated administrators to read contents of unintended files and expose sensitive data over a network. Fixed in QTS 5.1.5.2645 build 20240116 and later...

5.5CVSS5.6AI score0.00454EPSS
CVE
CVE
added 2023/10/06 4:36 p.m.53 views

CVE-2023-32972

CVE-2023-32972 affects QNAP QTS/QTS hero/QTScloud line: a buffer copy without input size checking can allow an authenticated administrator to execute code over the network. Root cause is improper input size handling in the affected component; no exploit details are provided in the documents. Affe...

7.2CVSS5.7AI score0.00547EPSS
CVE
CVE
added 2024/02/02 4:3 p.m.53 views

CVE-2023-39303

CVE-2023-39303 describes an improper authentication vulnerability in QNAP OSes (QTS, QuTS hero, QuTScloud) that could allow network-based compromise of the system. Affected products include QTS 5.1.3.2578+ (build 20231110 and later), QuTS hero h5.1.3.2578+ (build 20231110 and later), and QuTSclou...

9.8CVSS9.3AI score0.00469EPSS
CVE
CVE
added 2024/02/02 4:5 p.m.53 views

CVE-2023-45028

CVE-2023-45028 is an reported uncontrolled resource consumption vulnerability affecting multiple QNAP OS families (QTS, QuTS hero, QuTScloud). The issue allows authenticated administrators to trigger a network-based denial-of-service (DoS). Affected versions are fixed in QTS 5.1.5.2645/build 2024...

5.5CVSS4.9AI score0.00437EPSS
CVE
CVE
added 2024/02/02 4:3 p.m.52 views

CVE-2023-39297

CVE-2023-39297 is an OS command injection affecting several QNAP OS versions. The root cause is command execution via the network by authenticated users. Impact is high: confidentiality, integrity, and availability are all rated high (CVSS v3.1: 8.8). Affected products include QTS and QuTS Hero/C...

8.8CVSS9.3AI score0.01405EPSS
CVE
CVE
added 2024/02/02 4:5 p.m.52 views

CVE-2023-45027

CVE-2023-45027 is a path-traversal vulnerability affecting multiple QNAP OS lines: QTS, QuTS hero, and QuTScloud. The issue could allow an authenticated administrator to read contents of unexpected files and exfiltrate sensitive data over the network. Fixes are available in: QTS 5.1.5.2645 build ...

5.5CVSS5.6AI score0.00481EPSS
CVE
CVE
added 2024/02/02 4:4 p.m.51 views

CVE-2023-41281

CVE-2023-41281 is an OS command injection vulnerability affecting QNAP QTS, QuTS hero, and QuTScloud. Authenticated administrators could execute commands over the network on affected OS versions. QNAP reports fixes in QTS 5.1.4.2596 build 20231128 and later, QuTS hero h5.1.4.2596 build 20231128 a...

7.2CVSS7.4AI score0.00968EPSS
CVE
CVE
added 2024/02/02 4:5 p.m.50 views

CVE-2023-47566

CVE-2023-47566 is an OS command injection affecting several QNAP OS versions (QTS, QuTS hero, QuTScloud). The vulnerability could allow authenticated administrators to execute commands over the network. The specification provides concrete fixes: QTS 5.1.5.2645 build 20240116 and later; QuTS hero ...

7.2CVSS7.4AI score0.01178EPSS
CVE
CVE
added 2024/02/02 4:4 p.m.49 views

CVE-2023-41277

CVE-2023-41277 is a buffer copy vulnerability in QNAP QTS/QuTS products. Affected: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. Root cause: a buffer copy without checking input size. Impact: remotely exploitable by an au...

7.2CVSS7.2AI score0.00547EPSS
CVE
CVE
added 2024/02/02 4:4 p.m.48 views

CVE-2023-41283

Summary of CVE-2023-41283 (QNAP OS command injection) : An OS command injection vulnerability affecting multiple QNAP OS versions has been reported. If exploited, authenticated administrators could execute commands over the network. The issue has been fixed in: QTS 5.1.4.2596 build 20231128 and l...

7.2CVSS7.4AI score0.00968EPSS
CVE
CVE
added 2024/02/02 4:5 p.m.47 views

CVE-2023-45035

CVE-2023-45035 is a buffer copy vulnerability in QNAP QTS/QuTS OSes that can allow authenticated administrators to execute code over the network. According to the sources, the issue affects QTS 5.1.4.2596 build 20231128 and later, QuTS hero h5.1.4.2596 build 20231128 and later, and QuTScloud c5.1...

7.2CVSS7.2AI score0.0058EPSS
Total number of security vulnerabilities62