
CVE-2024-50393 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-50393
06 Dec 2024 — A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later. • https://www.qnap.com/en/security-advisory/qsa-24-49 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-48868 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-48868
06 Dec 2024 — An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later. • https://www.qnap.com/en/security-advisory/qsa-24-49 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE-2024-48867 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-48867
06 Dec 2024 — An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later. • https://www.qnap.com/en/security-advisory/qsa-24-49 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE-2024-48865 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-48865
06 Dec 2024 — An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later. • https://www.qnap.com/en/security-advisory/qsa-24-49 • CWE-295: Improper Certificate Validation

CVE-2024-48859 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-48859
06 Dec 2024 — An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later. • https://www.qnap.com/en/security-advisory/qsa-24-49 • CWE-287: Improper Authentication

CVE-2024-53691 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-53691
06 Dec 2024 — A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later; QTS 5.2.0.2802 build 20240620 and later; QuTS hero h5.1.8.2823 build 20240712 and later; QuTS hero h5.2.0.2802 build 20240620 and later. • https://packetstorm.news/files/id/188635 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2024-38641 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-38641
06 Sep 2024 — An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later; QuTS hero h5.1.8.2823 build 20240712 and later. • https://www.qnap.com/en/security-advisory/qsa-24-33 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'); CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-32763 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-32763
06 Sep 2024 — A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later; QuTS hero h5.1.8.2823 build 20240712 and later. • https://www.qnap.com/en/security-advisory/qsa-24-33 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-122: Heap-based Buffer Overflow

CVE-2024-21906 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-21906
06 Sep 2024 — An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later; QuTS hero h5.1.8.2823 build 20240712 and later. • https://www.qnap.com/en/security-advisory/qsa-24-33 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-34979 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2023-34979
06 Sep 2024 — An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later; QuTS hero h4.5.4.2790 build 20240606 and later. • https://www.qnap.com/en/security-advisory/qsa-24-32 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')