Vendor CVEs
Qnap
All CVEs
486 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30270 | 0.00 | — | 0.00 | Aug 29, 2025 | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability… | |||
| CVE-2025-30268 | 0.00 | — | 0.00 | Aug 29, 2025 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in… | |||
| CVE-2025-30267 | 0.00 | — | 0.00 | Aug 29, 2025 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in… | |||
| CVE-2025-30265 | 0.00 | — | 0.00 | Aug 29, 2025 | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following… | |||
| CVE-2025-30264 | 0.00 | — | 0.01 | Aug 29, 2025 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following… | |||
| CVE-2025-30261 | 0.00 | — | 0.00 | Aug 29, 2025 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type… | |||
| CVE-2025-29882 | 0.00 | — | 0.00 | Aug 29, 2025 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in… | |||
| CVE-2025-22483 | 0.00 | — | 0.00 | Aug 29, 2025 | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already… | |||
| CVE-2025-22482 | 0.00 | — | 0.00 | Jun 6, 2025 | A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the… | |||
| CVE-2025-22481 | 0.00 | — | 0.01 | Jun 6, 2025 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following… | |||
| CVE-2024-56805 | 0.00 | — | 0.00 | Jun 6, 2025 | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the… | |||
| CVE-2024-13088 | 0.00 | — | 0.00 | Jun 6, 2025 | An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter… | |||
| CVE-2024-13087 | 0.00 | — | 0.01 | Jun 6, 2025 | A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the… | |||
| CVE-2024-53699 | 0.00 | — | 0.00 | Mar 7, 2025 | An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the… | |||
| CVE-2024-53698 | 0.00 | — | 0.00 | Mar 7, 2025 | A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in the following versions:… | |||
| CVE-2024-53697 | 0.00 | — | 0.00 | Mar 7, 2025 | An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the… | |||
| CVE-2024-53696 | 0.00 | — | 0.00 | Mar 7, 2025 | A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following… | |||
| CVE-2024-53693 | 0.00 | — | 0.00 | Mar 7, 2025 | An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already… | |||
| CVE-2024-53692 | 0.00 | — | 0.01 | Mar 7, 2025 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the… | |||
| CVE-2024-50405 | 0.00 | — | 0.00 | Mar 7, 2025 | An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We… | |||
| CVE-2024-38638 | 0.00 | — | 0.00 | Mar 7, 2025 | An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. … | |||
| CVE-2022-27595 | 0.00 | — | 0.00 | Dec 19, 2024 | An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following… | |||
| CVE-2022-27600 | 0.00 | — | 0.01 | Dec 19, 2024 | An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the… | |||
| CVE-2023-23354 | 0.00 | — | 0.00 | Dec 19, 2024 | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed… | |||
| CVE-2023-23356 | 0.00 | — | 0.01 | Dec 19, 2024 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the… | |||
| CVE-2023-23357 | 0.00 | — | 0.00 | Dec 19, 2024 | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have… | |||
| CVE-2024-50403 | 0.00 | — | 0.00 | Dec 6, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have… | |||
| CVE-2024-50402 | 0.00 | — | 0.01 | Dec 6, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have… | |||
| CVE-2024-50393 | 0.00 | — | 0.01 | Dec 6, 2024 | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954… | |||
| CVE-2024-48868 | 0.00 | — | 0.00 | Dec 6, 2024 | An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in… | |||
| CVE-2024-48867 | 0.00 | — | 0.00 | Dec 6, 2024 | An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in… | |||
| CVE-2024-48866 | 0.00 | — | 0.00 | Dec 6, 2024 | An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in… | |||
| CVE-2024-48865 | 0.00 | — | 0.00 | Dec 6, 2024 | An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability… | |||
| CVE-2024-48859 | 0.00 | — | 0.01 | Dec 6, 2024 | An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions:… | |||
| CVE-2023-52944 | 0.00 | — | 0.00 | Dec 4, 2024 | Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors. | |||
| CVE-2023-52943 | 0.00 | — | 0.00 | Dec 4, 2024 | Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors. | |||
| CVE-2024-32767 | 0.00 | — | 0.00 | Nov 22, 2024 | A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo… | |||
| CVE-2024-37041 | 0.00 | — | 0.01 | Nov 22, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the… | |||
| CVE-2024-37042 | 0.00 | — | 0.01 | Nov 22, 2024 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the… | |||
| CVE-2024-37043 | 0.00 | — | 0.01 | Nov 22, 2024 | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have… | |||
| CVE-2024-37044 | 0.00 | — | 0.01 | Nov 22, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the… | |||
| CVE-2024-37045 | 0.00 | — | 0.01 | Nov 22, 2024 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the… | |||
| CVE-2024-37046 | 0.00 | — | 0.01 | Nov 22, 2024 | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have… | |||
| CVE-2024-37047 | 0.00 | — | 0.01 | Nov 22, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the… | |||
| CVE-2024-37048 | 0.00 | — | 0.01 | Nov 22, 2024 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the… | |||
| CVE-2024-37049 | 0.00 | — | 0.01 | Nov 22, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the… | |||
| CVE-2024-37050 | 0.00 | — | 0.01 | Nov 22, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the… | |||
| CVE-2024-38644 | 0.00 | — | 0.02 | Nov 22, 2024 | An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later | |||
| CVE-2024-38647 | 0.00 | — | 0.01 | Nov 22, 2024 | An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core… | |||
| CVE-2024-48860 | 0.00 | — | 0.01 | Nov 22, 2024 | An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3.103 and later |
- CVE-2025-30270Aug 29, 2025risk 0.00cvss —epss 0.00
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability…
- CVE-2025-30268Aug 29, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in…
- CVE-2025-30267Aug 29, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in…
- CVE-2025-30265Aug 29, 2025risk 0.00cvss —epss 0.00
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following…
- CVE-2025-30264Aug 29, 2025risk 0.00cvss —epss 0.01
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following…
- CVE-2025-30261Aug 29, 2025risk 0.00cvss —epss 0.00
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type…
- CVE-2025-29882Aug 29, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in…
- CVE-2025-22483Aug 29, 2025risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already…
- CVE-2025-22482Jun 6, 2025risk 0.00cvss —epss 0.00
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the…
- CVE-2025-22481Jun 6, 2025risk 0.00cvss —epss 0.01
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following…
- CVE-2024-56805Jun 6, 2025risk 0.00cvss —epss 0.00
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the…
- CVE-2024-13088Jun 6, 2025risk 0.00cvss —epss 0.00
An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter…
- CVE-2024-13087Jun 6, 2025risk 0.00cvss —epss 0.01
A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the…
- CVE-2024-53699Mar 7, 2025risk 0.00cvss —epss 0.00
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the…
- CVE-2024-53698Mar 7, 2025risk 0.00cvss —epss 0.00
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in the following versions:…
- CVE-2024-53697Mar 7, 2025risk 0.00cvss —epss 0.00
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the…
- CVE-2024-53696Mar 7, 2025risk 0.00cvss —epss 0.00
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following…
- CVE-2024-53693Mar 7, 2025risk 0.00cvss —epss 0.00
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already…
- CVE-2024-53692Mar 7, 2025risk 0.00cvss —epss 0.01
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the…
- CVE-2024-50405Mar 7, 2025risk 0.00cvss —epss 0.00
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We…
- CVE-2024-38638Mar 7, 2025risk 0.00cvss —epss 0.00
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. …
- CVE-2022-27595Dec 19, 2024risk 0.00cvss —epss 0.00
An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following…
- CVE-2022-27600Dec 19, 2024risk 0.00cvss —epss 0.01
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the…
- CVE-2023-23354Dec 19, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed…
- CVE-2023-23356Dec 19, 2024risk 0.00cvss —epss 0.01
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the…
- CVE-2023-23357Dec 19, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have…
- CVE-2024-50403Dec 6, 2024risk 0.00cvss —epss 0.00
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…
- CVE-2024-50402Dec 6, 2024risk 0.00cvss —epss 0.01
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…
- CVE-2024-50393Dec 6, 2024risk 0.00cvss —epss 0.01
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954…
- CVE-2024-48868Dec 6, 2024risk 0.00cvss —epss 0.00
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in…
- CVE-2024-48867Dec 6, 2024risk 0.00cvss —epss 0.00
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in…
- CVE-2024-48866Dec 6, 2024risk 0.00cvss —epss 0.00
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in…
- CVE-2024-48865Dec 6, 2024risk 0.00cvss —epss 0.00
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability…
- CVE-2024-48859Dec 6, 2024risk 0.00cvss —epss 0.01
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions:…
- CVE-2023-52944Dec 4, 2024risk 0.00cvss —epss 0.00
Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.
- CVE-2023-52943Dec 4, 2024risk 0.00cvss —epss 0.00
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.
- CVE-2024-32767Nov 22, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo…
- CVE-2024-37041Nov 22, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…
- CVE-2024-37042Nov 22, 2024risk 0.00cvss —epss 0.01
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the…
- CVE-2024-37043Nov 22, 2024risk 0.00cvss —epss 0.01
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have…
- CVE-2024-37044Nov 22, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…
- CVE-2024-37045Nov 22, 2024risk 0.00cvss —epss 0.01
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the…
- CVE-2024-37046Nov 22, 2024risk 0.00cvss —epss 0.01
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have…
- CVE-2024-37047Nov 22, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…
- CVE-2024-37048Nov 22, 2024risk 0.00cvss —epss 0.01
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the…
- CVE-2024-37049Nov 22, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…
- CVE-2024-37050Nov 22, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the…
- CVE-2024-38644Nov 22, 2024risk 0.00cvss —epss 0.02
An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later
- CVE-2024-38647Nov 22, 2024risk 0.00cvss —epss 0.01
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core…
- CVE-2024-48860Nov 22, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3.103 and later
Page 5 of 10