VYPR

Vendor CVEs

Qnap

All CVEs

486 total · sorted by risk
  • CVE-2024-48861Nov 22, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later

  • CVE-2024-48862Nov 22, 2024
    risk 0.00cvss epss 0.01

    A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the…

  • CVE-2024-50396Nov 22, 2024
    risk 0.00cvss epss 0.01

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the…

  • CVE-2024-50397Nov 22, 2024
    risk 0.00cvss epss 0.01

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed…

  • CVE-2024-50398Nov 22, 2024
    risk 0.00cvss epss 0.01

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…

  • CVE-2024-50399Nov 22, 2024
    risk 0.00cvss epss 0.01

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…

  • CVE-2024-50400Nov 22, 2024
    risk 0.00cvss epss 0.01

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…

  • CVE-2024-50401Nov 22, 2024
    risk 0.00cvss epss 0.01

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…

  • CVE-2024-38641Sep 6, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following…

  • CVE-2024-32763Sep 6, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…

  • CVE-2024-21906Sep 6, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following…

  • CVE-2023-34979Sep 6, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following…

  • CVE-2023-34974Sep 6, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the…

  • CVE-2024-32771Sep 6, 2024
    risk 0.00cvss epss 0.00

    An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication…

  • CVE-2023-39298Sep 6, 2024
    risk 0.00cvss epss 0.00

    A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.…

  • CVE-2023-39300Sep 6, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build…

  • CVE-2024-21904Sep 6, 2024
    risk 0.00cvss epss 0.00

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the…

  • CVE-2024-21903Sep 6, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following…

  • CVE-2024-21898Sep 6, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS…

  • CVE-2024-21897Sep 6, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following…

  • CVE-2023-51368Sep 6, 2024
    risk 0.00cvss epss 0.00

    A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following…

  • CVE-2023-51367Sep 6, 2024
    risk 0.00cvss epss 0.00

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS…

  • CVE-2023-51366Sep 6, 2024
    risk 0.00cvss epss 0.00

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the…

  • CVE-2023-50366Sep 6, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the…

  • CVE-2024-27129May 21, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…

  • CVE-2024-27128May 21, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…

  • CVE-2024-27127May 21, 2024
    risk 0.00cvss epss 0.01

    A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS…

  • CVE-2024-21902May 21, 2024
    risk 0.00cvss epss 0.00

    An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the…

  • CVE-2023-47220May 3, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media…

  • CVE-2023-41291Apr 26, 2024
    risk 0.00cvss epss 0.00

    A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the…

  • CVE-2023-50361Apr 26, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…

  • CVE-2023-50362Apr 26, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…

  • CVE-2023-50363Apr 26, 2024
    risk 0.00cvss epss 0.00

    An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the…

  • CVE-2023-50364Apr 26, 2024
    risk 0.00cvss epss 0.01

    A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…

  • CVE-2024-21905Apr 26, 2024
    risk 0.00cvss epss 0.00

    An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following…

  • CVE-2024-27124Apr 26, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build…

  • CVE-2024-32764Apr 26, 2024
    risk 0.00cvss epss 0.00

    A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following…

  • CVE-2024-32766Apr 26, 2024
    risk 0.00cvss epss 0.02

    An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build…

  • CVE-2024-29241Mar 28, 2024
    risk 0.00cvss epss 0.01

    Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via…

  • CVE-2024-29240Mar 28, 2024
    risk 0.00cvss epss 0.01

    Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors.

  • CVE-2024-29239Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing…

  • CVE-2024-29238Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing…

  • CVE-2024-29237Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…

  • CVE-2024-29236Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing…

  • CVE-2024-29235Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…

  • CVE-2024-29234Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…

  • CVE-2024-29233Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive…

  • CVE-2024-29232Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…

  • CVE-2024-29231Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via…

  • CVE-2024-29230Mar 28, 2024
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing…

Page 6 of 10