Qnap Qsync Central vulnerabilities

63 known vulnerabilities affecting qnap/qsync_central.

Total CVEs
63
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH20MEDIUM19LOW24

Vulnerabilities

Page 1 of 4
CVE-2025-54149MEDIUMCVSS 4.9≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-54149 [MEDIUM] CWE-400 CVE-2025-54149: An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a l An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-54151MEDIUMCVSS 4.9≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-54151 [MEDIUM] CWE-400 CVE-2025-54151: An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a l An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-54150MEDIUMCVSS 4.9≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-54150 [MEDIUM] CWE-400 CVE-2025-54150: An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a l An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-54170MEDIUMCVSS 4.9≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-54170 [MEDIUM] CWE-125 CVE-2025-54170: An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker An out-of-bounds read vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-30276MEDIUMCVSS 4.9≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-30276 [MEDIUM] CWE-787 CVE-2025-30276: An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-52868LOWCVSS 0.6≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-52868 [LOW] CWE-120 CVE-2025-52868: A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-47209LOWCVSS 1.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-47209 [LOW] CWE-476 CVE-2025-47209: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-57708LOWCVSS 2.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-57708 [LOW] CWE-770 CVE-2025-57708: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versi
nvd
CVE-2025-52870LOWCVSS 0.6≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-52870 [LOW] CWE-120 CVE-2025-52870: A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-48723LOWCVSS 0.6≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-48723 [LOW] CWE-120 CVE-2025-48723: A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-57710LOWCVSS 3.6≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-57710 [LOW] CWE-770 CVE-2025-57710: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the follo
nvd
CVE-2025-58471LOWCVSS 1.2≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-58471 [LOW] CWE-770 CVE-2025-58471: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the follo
nvd
CVE-2025-52869LOWCVSS 0.6≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-52869 [LOW] CWE-120 CVE-2025-52869: A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-57709LOWCVSS 1.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-57709 [LOW] CWE-122 CVE-2025-57709: A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gain A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-58470LOWCVSS 1.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-58470 [LOW] CWE-22 CVE-2025-58470: A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-54147LOWCVSS 1.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-54147 [LOW] CWE-476 CVE-2025-54147: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-54146LOWCVSS 1.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-54146 [LOW] CWE-476 CVE-2025-54146: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-54148LOWCVSS 1.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-54148 [LOW] CWE-476 CVE-2025-54148: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-58472LOWCVSS 1.2≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-58472 [LOW] CWE-476 CVE-2025-58472: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
CVE-2025-54152LOWCVSS 1.3≥ 5.0.0.0, < 5.0.0.42026-02-11
CVE-2025-54152 [LOW] CWE-823 CVE-2025-54152: A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a r A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
nvd
1 / 4Next →