CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23363 – QTS
https://notcve.org/view.php?id=CVE-2023-23363
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later Se ha informado que una copia del búfer sin verificar el tamaño de la vulnerabilidad de entrada afecta el sistema operativo QNAP. Si se explota, la vulnerabilidad posiblemente permita a usuarios remotos ejecutar código a través de vectores no especificados. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 4.3.6.2441 compilación 20230621 y posteriores QTS 4.3.3.2420 compilación 20230621 y posteriores QTS 4.2.6 compilación 20230621 y posteriores QTS 4.3.4.2451 compilación 20230621 y posteriores • https://www.qnap.com/en/security-advisory/qsa-23-25 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2023-23355 – QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR
https://notcve.org/view.php?id=CVE-2023-23355
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later • https://www.qnap.com/en/security-advisory/qsa-23-10 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 2.7EPSS: 0%CPEs: 18EXPL: 0CVE-2022-27597 – QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
https://notcve.org/view.php?id=CVE-2022-27597
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later • https://www.qnap.com/en/security-advisory/qsa-23-06 • CWE-125: Out-of-bounds Read CWE-489: Active Debug Code CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 2.7EPSS: 0%CPEs: 17EXPL: 0CVE-2022-27598 – QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
https://notcve.org/view.php?id=CVE-2022-27598
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later • https://www.qnap.com/en/security-advisory/qsa-23-06 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 61%CPEs: 11EXPL: 0CVE-2022-27593 – QNAP Photo Station Externally Controlled Reference Vulnerability
https://notcve.org/view.php?id=CVE-2022-27593
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later Se ha informado una vulnerabilidad de recursos de referencia controlada externamente afecta al QNAP NAS que ejecuta Photo Station. Si se explota, esto podría permitir a un atacante modificar los archivos del sistema. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS versiones 5.0.1: Photo Station versiones 6.1.2 y posteriores QTS versiones 5.0.0/4.5.x: Photo Station versiones 6.0.22 y posteriores QTS versiones 4.3.6: Photo Station versiones 5.7.18 y posteriores QTS versiones 4.3.3: Photo Station versiones 5.4.15 y posteriores QTS versiones 4.2.6: Photo Station versiones 5.2.14 y posteriores Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. • https://www.qnap.com/en/security-advisory/qsa-22-24 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •