Qsync Central
by Qnap
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-29892 | Hig | 0.57 | 8.8 | 0.00 | Jun 6, 2025 | An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync… | ||
| CVE-2025-22482 | Hig | 0.53 | 8.1 | 0.00 | Jun 6, 2025 | A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the… | ||
| CVE-2018-0716 | Med | 0.40 | 6.1 | 0.01 | Nov 30, 2018 | Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application. | ||
| CVE-2025-30269 | 0.00 | — | 0.00 | Feb 11, 2026 | A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the… | |||
| CVE-2025-30276 | 0.00 | — | 0.01 | Feb 11, 2026 | An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central… | |||
| CVE-2025-52870 | 0.00 | — | 0.00 | Feb 11, 2026 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central… | |||
| CVE-2025-54146 | 0.00 | — | 0.00 | Feb 11, 2026 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:… | |||
| CVE-2025-54147 | 0.00 | — | 0.00 | Feb 11, 2026 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:… | |||
| CVE-2025-54148 | 0.00 | — | 0.00 | Feb 11, 2026 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:… | |||
| CVE-2025-54150 | 0.00 | — | 0.00 | Feb 11, 2026 | An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following… | |||
| CVE-2025-57709 | 0.00 | — | 0.01 | Feb 11, 2026 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central… | |||
| CVE-2025-58470 | 0.00 | — | 0.01 | Feb 11, 2026 | A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following… | |||
| CVE-2025-58472 | 0.00 | — | 0.01 | Feb 11, 2026 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following… | |||
| CVE-2025-57712 | 0.00 | — | 0.00 | Nov 7, 2025 | A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following… | |||
| CVE-2025-54153 | 0.00 | — | 0.00 | Oct 3, 2025 | An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central… | |||
| CVE-2025-44014 | 0.00 | — | 0.00 | Oct 3, 2025 | An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central… | |||
| CVE-2025-44010 | 0.00 | — | 0.00 | Oct 3, 2025 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:… | |||
| CVE-2025-44008 | 0.00 | — | 0.00 | Oct 3, 2025 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:… | |||
| CVE-2025-44007 | 0.00 | — | 0.00 | Oct 3, 2025 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type… | |||
| CVE-2025-44006 | 0.00 | — | 0.00 | Oct 3, 2025 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type… |
- risk 0.57cvss 8.8epss 0.00
An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync…
- risk 0.53cvss 8.1epss 0.00
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application.
- CVE-2025-30269Feb 11, 2026risk 0.00cvss —epss 0.00
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the…
- CVE-2025-30276Feb 11, 2026risk 0.00cvss —epss 0.01
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central…
- CVE-2025-52870Feb 11, 2026risk 0.00cvss —epss 0.00
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central…
- CVE-2025-54146Feb 11, 2026risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…
- CVE-2025-54147Feb 11, 2026risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…
- CVE-2025-54148Feb 11, 2026risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…
- CVE-2025-54150Feb 11, 2026risk 0.00cvss —epss 0.00
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following…
- CVE-2025-57709Feb 11, 2026risk 0.00cvss —epss 0.01
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central…
- CVE-2025-58470Feb 11, 2026risk 0.00cvss —epss 0.01
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following…
- CVE-2025-58472Feb 11, 2026risk 0.00cvss —epss 0.01
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following…
- CVE-2025-57712Nov 7, 2025risk 0.00cvss —epss 0.00
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following…
- CVE-2025-54153Oct 3, 2025risk 0.00cvss —epss 0.00
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central…
- CVE-2025-44014Oct 3, 2025risk 0.00cvss —epss 0.00
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central…
- CVE-2025-44010Oct 3, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…
- CVE-2025-44008Oct 3, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version:…
- CVE-2025-44007Oct 3, 2025risk 0.00cvss —epss 0.00
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…
- CVE-2025-44006Oct 3, 2025risk 0.00cvss —epss 0.00
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…
Page 1 of 2