Lucene search
+L

15 matches found

cve
cve
added 2024/03/08 4:17 p.m.151 views

CVE-2024-21899

CVE-2024-21899 describes an improper authentication vulnerability affecting several QNAP operating system lines (QTS and QuTS variants). The connected sources specify impact on QTS 5.1.3.2578 build 20231110 and later, QTS 4.5.4.2627 build 20231225 and later, QuTS hero h5.1.3.2578 build 20231110 a...

9.8CVSS9.4AI score0.24365EPSS
In wild
cve
cve
added 2022/05/05 4:50 p.m.117 views

CVE-2021-44051

CVE-2021-44051 affects QNAP NAS running QTS, QuTS hero, and QuTScloud (remote command execution via a command-injection flaw). The NVD entry lists CVSS v3.1 base score 8.8 (high) with network access, low attack complexity, and no user interaction required; impact to confidentiality, integrity, an...

8.8CVSS8.9AI score0.01588EPSS
cve
cve
added 2022/05/05 4:50 p.m.116 views

CVE-2021-38693

CVE-2021-38693 is a path-traversal vulnerability affecting QNAP devices running QuTScloud, QuTS hero, QTS, and QVR Pro Appliance. The issue is triggered via path traversal in thttpd, enabling read access to potentially sensitive files. Public references in the provided documents confirm remediati...

5.3CVSS5.1AI score0.00888EPSS
cve
cve
added 2022/05/05 4:50 p.m.105 views

CVE-2021-44054

CVE-2021-44054: Open redirect in QNAP devices running QuTScloud, QuTS hero, and QTS. Affects QuTScloud, QuTS hero (h5.0.0.1949+; build 20220215+) and (h4.5.4.1951; build 20220218+), as well as QTS (5.0.0.1986; build 20220324+) and (4.5.4.1991; build 20220329+). Root cause described as an open red...

6.1CVSS5.2AI score0.00544EPSS
cve
cve
added 2022/05/05 4:50 p.m.101 views

CVE-2021-44053

CVE-2021-44053 is a cross-site scripting (XSS) vulnerability affecting QNAP devices running QTS, QuTS hero, and QuTScloud. The issue allows remote attackers to inject malicious code. Fixed in QTS 4.5.4.1991 build 20220329 and later, QTS 5.0.0.1986 build 20220324 and later, QuTS hero h5.0.0.1986 b...

6.1CVSS5.7AI score0.00706EPSS
cve
cve
added 2024/03/08 4:17 p.m.95 views

CVE-2024-21900

The CVE-2024-21900 entry describes an injection vulnerability affecting several QNAP operating system versions. Authenticated users could potentially execute commands over the network due to the underlying injection flaw. Affected product families include QTS, QuTS hero, and QuTScloud. Remediatio...

6.5CVSS5.5AI score0.09409EPSS
cve
cve
added 2021/06/03 2:45 a.m.93 views

CVE-2021-28806

CVE-2021-28806 is a DOM-based XSS affecting QNAP NAS UI components in QTS and QuTS hero. Affected: QTS before 4.5.3.1652 Build 20210428; QuTS hero before h4.5.2.1638 Build 20210414; QuTScloud before c4.5.5.1656 Build 20210503. Not affecting QTS 4.3.6/4.3.3. Root cause: DOM-based XSS in web interf...

5.7CVSS5.3AI score0.00505EPSS
cve
cve
added 2021/09/10 4:0 a.m.92 views

CVE-2021-28816

CVE-2021-28816 is a stack-based buffer overflow affecting QNAP QTS, QuTScloud, and QuTS hero. The vulnerability could allow arbitrary code execution if exploited. Affected QTS/QuTS versions fixed include QTS 4.5.4.1715 build 20210630 and later, QTS 5.0.0.1716 build 20210701 and later, QTS 4.3.3.1...

8.8CVSS8.6AI score0.00928EPSS
cve
cve
added 2022/05/05 4:50 p.m.87 views

CVE-2021-44052

CVE-2021-44052 affects QNAP devices running QuTScloud, QuTS hero, and QTS. It is an improper link resolution before file access ("link following") vulnerability that could allow remote attackers to traverse the file system and read or overwrite files in unintended locations. Affected components a...

8.1CVSS7AI score0.01485EPSS
cve
cve
added 2021/04/16 1:10 a.m.82 views

CVE-2018-19942

CVE-2018-19942 is a cross-site scripting (XSS) vulnerability affecting earlier versions of QNAP File Station. The included sources indicate the flaw was fixed in multiple product lines and versions, including QTS 4.5.2.1566 and later, QTS 4.5.1.1456 and later, QTS 4.3.6.1446 and later, QTS 4.3.4....

6.1CVSS6AI score0.00746EPSS
cve
cve
added 2022/01/07 1:15 a.m.70 views

CVE-2021-38674

CVE-2021-38674 is an XSS vulnerability affecting QTS, QuTS hero, and QuTScloud. Publicly documented vulnerable components include the QTS/QTS hero/QuTScloud web interfaces, with remote attacker exploitation enabling injection of malicious code. The NVD/NVD-derived entries list fixes in QTS 4.5.4....

6.1CVSS5.1AI score0.00636EPSS
cve
cve
added 2021/09/10 4:0 a.m.68 views

CVE-2021-34343

CVE-2021-34343 describes a stack buffer overflow affecting QNAP devices running QTS, QuTScloud, and QuTS hero . The vulnerability could allow an attacker to execute arbitrary code. Affected releases have been fixed in: QTS 4.5.4.1715 build 20210630 and later , QTS 5.0.0.1716 build 20210701 and la...

7.2CVSS7.2AI score0.0195EPSS
cve
cve
added 2020/12/31 4:33 p.m.64 views

CVE-2018-19941

CVE-2018-19941 affects QNAP NAS devices, enabling an attacker to read sensitive information stored in cleartext cookies. Concrete details in connected sources show the affected products and fixed versions: QTS 4.5.1.1456 build 20201015 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later)...

7.5CVSS7.3AI score0.00658EPSS
cve
cve
added 2021/09/10 4:0 a.m.58 views

CVE-2018-19957

CVE-2018-19957 concerns insufficient HTTP security headers in QNAP QTS, QuTS hero, and QuTScloud. The vulnerability affects QNAP NAS platforms running QTS, QuTS hero, and QuTScloud, enabling remote attackers to launch privacy/security attacks. The issue has been addressed by explicit fixes: QTS 4...

6.1CVSS6.3AI score0.00707EPSS
cve
cve
added 2023/11/03 4:34 p.m.45 views

CVE-2023-39301

CVE-2023-39301 describes an SSRF vulnerability affecting QNAP QTS/QTS Hero/QTScloud, allowing authenticated users to read application data over the network. Affected products include QTS (versions prior to 5.0.1.2514 and 5.1.1.2491+), QuTS hero (h5.0.1.2515 and h5.1.1.2488+), and QuTScloud (c5.1....

4.3CVSS4.2AI score0.00335EPSS