CVE-2023-41273 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2023-41273
A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later Se ha informado que una vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados ejecutar código a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores • https://www.qnap.com/en/security-advisory/qsa-23-38 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-39303 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2023-39303
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later Se ha informado que una vulnerabilidad de autenticación incorrecta afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a los usuarios comprometer la seguridad del sistema a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores • https://www.qnap.com/en/security-advisory/qsa-23-33 • CWE-287: Improper Authentication •
CVE-2023-39297 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2023-39297
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados ejecutar comandos a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.4.2596 compilación 20231128 y posteriores QTS 4.5.4.2627 compilación 20231225 y posteriores QuTS hero h5.1.4.2596 compilación 20231128 y posteriores QuTS hero h4.5.4.2626 compilación 20231225 y posteriores QuTScloud c5.1.5.2651 y posteriores • https://www.qnap.com/en/security-advisory/qsa-23-30 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-39302 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2023-39302
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados ejecutar comandos a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores • https://www.qnap.com/en/security-advisory/qsa-23-33 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-32967 – QTS, QuTScloud
https://notcve.org/view.php?id=CVE-2023-32967
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later QTS 4.5.4.2627 build 20231225 and later Se ha informado que una vulnerabilidad de autorización incorrecta afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a los usuarios autenticados eludir las restricciones de acceso previstas a través de una red. QTS 5.x y QuTS hero no se ven afectados. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QuTScloud c5.1.5.2651 y posteriores QTS 4.5.4.2627 build 20231225 y posteriores • https://www.qnap.com/en/security-advisory/qsa-24-01 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •