Vendor CVEs
Qnap
All CVEs
486 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48861 | 0.00 | — | 0.01 | Nov 22, 2024 | An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later | |||
| CVE-2024-48862 | 0.00 | — | 0.01 | Nov 22, 2024 | A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the… | |||
| CVE-2024-50396 | 0.00 | — | 0.01 | Nov 22, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the… | |||
| CVE-2024-50397 | 0.00 | — | 0.01 | Nov 22, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed… | |||
| CVE-2024-50398 | 0.00 | — | 0.01 | Nov 22, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have… | |||
| CVE-2024-50399 | 0.00 | — | 0.01 | Nov 22, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have… | |||
| CVE-2024-50400 | 0.00 | — | 0.01 | Nov 22, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have… | |||
| CVE-2024-50401 | 0.00 | — | 0.01 | Nov 22, 2024 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have… | |||
| CVE-2024-38641 | 0.00 | — | 0.01 | Sep 6, 2024 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following… | |||
| CVE-2024-32763 | 0.00 | — | 0.01 | Sep 6, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2024-21906 | 0.00 | — | 0.01 | Sep 6, 2024 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2023-34979 | 0.00 | — | 0.01 | Sep 6, 2024 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2023-34974 | 0.00 | — | 0.01 | Sep 6, 2024 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the… | |||
| CVE-2024-32771 | 0.00 | — | 0.00 | Sep 6, 2024 | An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication… | |||
| CVE-2023-39298 | 0.00 | — | 0.00 | Sep 6, 2024 | A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.… | |||
| CVE-2023-39300 | 0.00 | — | 0.01 | Sep 6, 2024 | An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build… | |||
| CVE-2024-21904 | 0.00 | — | 0.00 | Sep 6, 2024 | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the… | |||
| CVE-2024-21903 | 0.00 | — | 0.01 | Sep 6, 2024 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2024-21898 | 0.00 | — | 0.01 | Sep 6, 2024 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS… | |||
| CVE-2024-21897 | 0.00 | — | 0.00 | Sep 6, 2024 | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2023-51368 | 0.00 | — | 0.00 | Sep 6, 2024 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2023-51367 | 0.00 | — | 0.00 | Sep 6, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS… | |||
| CVE-2023-51366 | 0.00 | — | 0.00 | Sep 6, 2024 | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the… | |||
| CVE-2023-50366 | 0.00 | — | 0.00 | Sep 6, 2024 | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the… | |||
| CVE-2024-27129 | 0.00 | — | 0.01 | May 21, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2024-27128 | 0.00 | — | 0.01 | May 21, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2024-27127 | 0.00 | — | 0.01 | May 21, 2024 | A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS… | |||
| CVE-2024-21902 | 0.00 | — | 0.00 | May 21, 2024 | An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the… | |||
| CVE-2023-47220 | 0.00 | — | 0.01 | May 3, 2024 | An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media… | |||
| CVE-2023-41291 | 0.00 | — | 0.00 | Apr 26, 2024 | A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the… | |||
| CVE-2023-50361 | 0.00 | — | 0.01 | Apr 26, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2023-50362 | 0.00 | — | 0.01 | Apr 26, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2023-50363 | 0.00 | — | 0.00 | Apr 26, 2024 | An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the… | |||
| CVE-2023-50364 | 0.00 | — | 0.01 | Apr 26, 2024 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2024-21905 | 0.00 | — | 0.00 | Apr 26, 2024 | An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2024-27124 | 0.00 | — | 0.01 | Apr 26, 2024 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build… | |||
| CVE-2024-32764 | 0.00 | — | 0.00 | Apr 26, 2024 | A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following… | |||
| CVE-2024-32766 | 0.00 | — | 0.02 | Apr 26, 2024 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build… | |||
| CVE-2024-29241 | 0.00 | — | 0.01 | Mar 28, 2024 | Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via… | |||
| CVE-2024-29240 | 0.00 | — | 0.01 | Mar 28, 2024 | Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors. | |||
| CVE-2024-29239 | 0.00 | — | 0.01 | Mar 28, 2024 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing… | |||
| CVE-2024-29238 | 0.00 | — | 0.01 | Mar 28, 2024 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing… | |||
| CVE-2024-29237 | 0.00 | — | 0.01 | Mar 28, 2024 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive… | |||
| CVE-2024-29236 | 0.00 | — | 0.01 | Mar 28, 2024 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing… | |||
| CVE-2024-29235 | 0.00 | — | 0.01 | Mar 28, 2024 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive… | |||
| CVE-2024-29234 | 0.00 | — | 0.01 | Mar 28, 2024 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive… | |||
| CVE-2024-29233 | 0.00 | — | 0.01 | Mar 28, 2024 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive… | |||
| CVE-2024-29232 | 0.00 | — | 0.01 | Mar 28, 2024 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive… | |||
| CVE-2024-29231 | 0.00 | — | 0.01 | Mar 28, 2024 | Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via… | |||
| CVE-2024-29230 | 0.00 | — | 0.01 | Mar 28, 2024 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing… |
- CVE-2024-48861Nov 22, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later
- CVE-2024-48862Nov 22, 2024risk 0.00cvss —epss 0.01
A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the…
- CVE-2024-50396Nov 22, 2024risk 0.00cvss —epss 0.01
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the…
- CVE-2024-50397Nov 22, 2024risk 0.00cvss —epss 0.01
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed…
- CVE-2024-50398Nov 22, 2024risk 0.00cvss —epss 0.01
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…
- CVE-2024-50399Nov 22, 2024risk 0.00cvss —epss 0.01
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…
- CVE-2024-50400Nov 22, 2024risk 0.00cvss —epss 0.01
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…
- CVE-2024-50401Nov 22, 2024risk 0.00cvss —epss 0.01
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have…
- CVE-2024-38641Sep 6, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following…
- CVE-2024-32763Sep 6, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…
- CVE-2024-21906Sep 6, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following…
- CVE-2023-34979Sep 6, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following…
- CVE-2023-34974Sep 6, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the…
- CVE-2024-32771Sep 6, 2024risk 0.00cvss —epss 0.00
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication…
- CVE-2023-39298Sep 6, 2024risk 0.00cvss —epss 0.00
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.…
- CVE-2023-39300Sep 6, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build…
- CVE-2024-21904Sep 6, 2024risk 0.00cvss —epss 0.00
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the…
- CVE-2024-21903Sep 6, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following…
- CVE-2024-21898Sep 6, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS…
- CVE-2024-21897Sep 6, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following…
- CVE-2023-51368Sep 6, 2024risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following…
- CVE-2023-51367Sep 6, 2024risk 0.00cvss —epss 0.00
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS…
- CVE-2023-51366Sep 6, 2024risk 0.00cvss —epss 0.00
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the…
- CVE-2023-50366Sep 6, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the…
- CVE-2024-27129May 21, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…
- CVE-2024-27128May 21, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…
- CVE-2024-27127May 21, 2024risk 0.00cvss —epss 0.01
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS…
- CVE-2024-21902May 21, 2024risk 0.00cvss —epss 0.00
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the…
- CVE-2023-47220May 3, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media…
- CVE-2023-41291Apr 26, 2024risk 0.00cvss —epss 0.00
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the…
- CVE-2023-50361Apr 26, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…
- CVE-2023-50362Apr 26, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…
- CVE-2023-50363Apr 26, 2024risk 0.00cvss —epss 0.00
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the…
- CVE-2023-50364Apr 26, 2024risk 0.00cvss —epss 0.01
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following…
- CVE-2024-21905Apr 26, 2024risk 0.00cvss —epss 0.00
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following…
- CVE-2024-27124Apr 26, 2024risk 0.00cvss —epss 0.01
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build…
- CVE-2024-32764Apr 26, 2024risk 0.00cvss —epss 0.00
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following…
- CVE-2024-32766Apr 26, 2024risk 0.00cvss —epss 0.02
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build…
- CVE-2024-29241Mar 28, 2024risk 0.00cvss —epss 0.01
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via…
- CVE-2024-29240Mar 28, 2024risk 0.00cvss —epss 0.01
Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors.
- CVE-2024-29239Mar 28, 2024risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing…
- CVE-2024-29238Mar 28, 2024risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing…
- CVE-2024-29237Mar 28, 2024risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…
- CVE-2024-29236Mar 28, 2024risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing…
- CVE-2024-29235Mar 28, 2024risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…
- CVE-2024-29234Mar 28, 2024risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…
- CVE-2024-29233Mar 28, 2024risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive…
- CVE-2024-29232Mar 28, 2024risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive…
- CVE-2024-29231Mar 28, 2024risk 0.00cvss —epss 0.01
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via…
- CVE-2024-29230Mar 28, 2024risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing…
Page 6 of 10