CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21901 – myQNAPcloud
https://notcve.org/view.php?id=CVE-2024-21901
08 Mar 2024 — A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later Se ha informado que una vulnerabilidad de inyección SQL afecta a myQNAPcloud. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados inyectar código... • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2024-21900 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2024-21900
08 Mar 2024 — An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later Se ha informado que una vulnerabilidad de inyección afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerab... • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-21899 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2024-21899
08 Mar 2024 — An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later Se ha informado que una ... • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-39301 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2023-39301
03 Nov 2023 — A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later Se ha informado ... • https://www.qnap.com/en/security-advisory/qsa-23-51 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.3EPSS: 0%CPEs: 18EXPL: 0CVE-2023-23355 – QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR
https://notcve.org/view.php?id=CVE-2023-23355
29 Mar 2023 — An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later... • https://www.qnap.com/en/security-advisory/qsa-23-10 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 18EXPL: 0CVE-2022-27597 – QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
https://notcve.org/view.php?id=CVE-2022-27597
29 Mar 2023 — A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later • https://www.qnap.com/en/security-advisory/qsa-23-06 • CWE-125: Out-of-bounds Read CWE-489: Active Debug Code CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 3.3EPSS: 0%CPEs: 17EXPL: 0CVE-2022-27598 – QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
https://notcve.org/view.php?id=CVE-2022-27598
29 Mar 2023 — A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later • https://www.qnap.com/en/security-advisory/qsa-23-06 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38693 – Path Traversal in thttpd
https://notcve.org/view.php?id=CVE-2021-38693
05 May 2022 — A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 202203... • https://www.qnap.com/en/security-advisory/qsa-22-13 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38674 – Reflected XSS Vulnerability in TFTP
https://notcve.org/view.php?id=CVE-2021-38674
07 Jan 2022 — A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later Se ha informado de una vulnerabilidad de tipo cross-site scripting (XSS) que afecta a QTS, QuTS hero y QuTScl... • https://www.qnap.com/en/security-advisory/qsa-21-63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-34343 – Buffer Overflow Vulnerability in QTS, QuTS hero, and QuTScloud
https://notcve.org/view.php?id=CVE-2021-34343
10 Sep 2021 — A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later Se ha reportado de una vulnerabilidad de desbordamiento del búfer ... • https://www.qnap.com/en/security-advisory/qsa-21-33 • CWE-787: Out-of-bounds Write •