Qts
by Qnap
CVEs (273)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-53693 | 0.00 | — | 0.00 | Mar 7, 2025 | An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already… | |||
| CVE-2024-53692 | 0.00 | — | 0.01 | Mar 7, 2025 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the… | |||
| CVE-2024-50405 | 0.00 | — | 0.00 | Mar 7, 2025 | An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We… | |||
| CVE-2024-38638 | 0.00 | — | 0.00 | Mar 7, 2025 | An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. … | |||
| CVE-2022-27600 | 0.00 | — | 0.01 | Dec 19, 2024 | An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the… | |||
| CVE-2024-50403 | 0.00 | — | 0.00 | Dec 6, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have… | |||
| CVE-2024-50402 | 0.00 | — | 0.01 | Dec 6, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have… | |||
| CVE-2024-50393 | 0.00 | — | 0.01 | Dec 6, 2024 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954… | |||
| CVE-2024-48868 | 0.00 | — | 0.00 | Dec 6, 2024 | An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in… | |||
| CVE-2024-48867 | 0.00 | — | 0.00 | Dec 6, 2024 | An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in… | |||
| CVE-2024-48866 | 0.00 | — | 0.00 | Dec 6, 2024 | An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in… | |||
| CVE-2024-48865 | 0.00 | — | 0.00 | Dec 6, 2024 | An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability… | |||
| CVE-2024-48859 | 0.00 | — | 0.01 | Dec 6, 2024 | An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions:… | |||
| CVE-2024-37041 | 0.00 | — | 0.01 | Nov 22, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the… | |||
| CVE-2024-37042 | 0.00 | — | 0.01 | Nov 22, 2024 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the… | |||
| CVE-2024-37043 | 0.00 | — | 0.01 | Nov 22, 2024 | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have… | |||
| CVE-2024-37044 | 0.00 | — | 0.01 | Nov 22, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the… | |||
| CVE-2024-37045 | 0.00 | — | 0.01 | Nov 22, 2024 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the… | |||
| CVE-2024-37046 | 0.00 | — | 0.01 | Nov 22, 2024 | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have… | |||
| CVE-2024-37047 | 0.00 | — | 0.01 | Nov 22, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the… |
- CVE-2024-53693Mar 7, 2025risk 0.00cvss —epss 0.00
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already…
- CVE-2024-53692Mar 7, 2025risk 0.00cvss —epss 0.01
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the…
- CVE-2024-50405Mar 7, 2025risk 0.00cvss —epss 0.00
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We…
- CVE-2024-38638Mar 7, 2025risk 0.00cvss —epss 0.00
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. …
- CVE-2022-27600Dec 19, 2024risk 0.00cvss —epss 0.01
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the…
- CVE-2024-50403Dec 6, 2024risk 0.00cvss —epss 0.00
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…
- CVE-2024-50402Dec 6, 2024risk 0.00cvss —epss 0.01
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…
- CVE-2024-50393Dec 6, 2024risk 0.00cvss —epss 0.01
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954…
- CVE-2024-48868Dec 6, 2024risk 0.00cvss —epss 0.00
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in…
- CVE-2024-48867Dec 6, 2024risk 0.00cvss —epss 0.00
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in…
- CVE-2024-48866Dec 6, 2024risk 0.00cvss —epss 0.00
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in…
- CVE-2024-48865Dec 6, 2024risk 0.00cvss —epss 0.00
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability…
- CVE-2024-48859Dec 6, 2024risk 0.00cvss —epss 0.01
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions:…
- CVE-2024-37041Nov 22, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…
- CVE-2024-37042Nov 22, 2024risk 0.00cvss —epss 0.01
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the…
- CVE-2024-37043Nov 22, 2024risk 0.00cvss —epss 0.01
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have…
- CVE-2024-37044Nov 22, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…
- CVE-2024-37045Nov 22, 2024risk 0.00cvss —epss 0.01
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the…
- CVE-2024-37046Nov 22, 2024risk 0.00cvss —epss 0.01
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have…
- CVE-2024-37047Nov 22, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…
Page 7 of 14