CVSS: 3.3EPSS: 0%CPEs: 18EXPL: 0CVE-2022-27597 – QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
https://notcve.org/view.php?id=CVE-2022-27597
29 Mar 2023 — A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later • https://www.qnap.com/en/security-advisory/qsa-23-06 • CWE-125: Out-of-bounds Read CWE-489: Active Debug Code CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 3.3EPSS: 0%CPEs: 17EXPL: 0CVE-2022-27598 – QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
https://notcve.org/view.php?id=CVE-2022-27598
29 Mar 2023 — A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later • https://www.qnap.com/en/security-advisory/qsa-23-06 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 26%CPEs: 2EXPL: 0CVE-2022-27596 – Vulnerability in QTS
https://notcve.org/view.php?id=CVE-2022-27596
30 Jan 2023 — A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later Se ha informado que una vulnerabilidad afecta al dispositivo QNAP que ejecuta QuTS hero, QTS. Si se explota, esta vulnerabilidad permite a atacantes remotos inyectar código mal... • https://www.qnap.com/en/security-advisory/qsa-23-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 94%CPEs: 11EXPL: 0CVE-2022-27593 – QNAP Photo Station Externally Controlled Reference Vulnerability
https://notcve.org/view.php?id=CVE-2022-27593
08 Sep 2022 — An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later Se ha informado una vulnerabilidad de re... • https://www.qnap.com/en/security-advisory/qsa-22-24 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •