QNAP QuTS hero vulnerabilities
223 known vulnerabilities affecting qnap/quts_hero.
Total CVEs: 223
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 11, HIGH 80, MEDIUM 93, LOW 39
Vulnerabilities
Page 10 of 12
CVE-2023-32968 | HIGH | CVSS 7.2 | CWE-120 | vh5.1.0.2409; vh5.1.0.2424; +10 more | 2023-12-08
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.2.2533
nvd
CVE-2023-32975 | HIGH | CVSS 7.2 | CWE-120 | vh5.1.0.2409; vh5.1.0.2424; +10 more | 2023-12-08
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.2.2533
nvd
CVE-2023-23372 | MEDIUM | CVSS 6.1 | CWE-79 | vh5.1.0.2409; vh5.0.1.2045; +19 more | 2023-12-08
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS
nvd
CVE-2023-23367 | HIGH | CVSS 7.2 | CWE-78 | vh5.0.0.1772; vh5.0.0.1844; +14 more | 2023-11-10
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.1.2376 build 2023
nvd
CVE-2023-23368 | CRITICAL | CVSS 9.8 | CWE-78 | vh5.0.1.2045; vh5.0.1.2192; +16 more | 2023-11-03
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h
nvd
CVE-2023-39301 | MEDIUM | CVSS 4.3 | CWE-918 | fixed in h5.1.1.2488; fixed in h5.0.1.2515 | 2023-11-03
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.1.2491 build
nvd
CVE-2023-32973 | HIGH | CVSS 7.2 | CWE-120 | ≥ h4.5.0, < h4.5.4.2476; ≥ h5.0.0, < h5.0.1.2515; +1 more | 2023-10-13
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444
nvd
CVE-2023-32974 | HIGH | CVSS 7.5 | CWE-22 | ≥ h5.1.0, < h5.1.0.2424 | 2023-10-13
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.
nvd
CVE-2023-32970 | MEDIUM | CVSS 4.9 | CWE-476 | ≥ h4.5.0, < h4.5.4.2476; ≥ h5.0.0, < h5.0.1.2515; +1 more | 2023-10-13
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h5.0.1.2515
nvd
CVE-2023-32971 | HIGH | CVSS 7.2 | CWE-120 | ≥ h4.5.0, < h4.5.4.2476; ≥ h5.0.0, < h5.0.1.2515; +1 more | 2023-10-06
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444
nvd
CVE-2023-32972 | HIGH | CVSS 7.2 | CWE-120 | ≥ h4.5.0, < h4.5.4.2476; ≥ h5.0.0, < h5.0.1.2515; +1 more | 2023-10-06
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444
nvd
CVE-2023-23362 | HIGH | CVSS 8.8 | CWE-78 | ≥ h4.5.4, < h4.5.4.2374; ≥ h5.0.1, < h5.0.1.2376 | 2023-09-22
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
nvd
CVE-2023-34971 | HIGH | CVSS 8.8 | CWE-326 | ≥ h4.5.4, < h4.5.4.2476; ≥ h5.1.0, < h5.1.0.2424 | 2023-08-24
An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5
nvd
CVE-2023-34972 | MEDIUM | CVSS 6.5 | CWE-319 | ≥ h5.1.0, < h5.1.0.2424 | 2023-08-24
A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 2
nvd
CVE-2023-34973 | MEDIUM | CVSS 5.3 | CWE-331 | ≥ h5.1.0, < h5.1.0.2424 | 2023-08-24
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QuTS hero
nvd
CVE-2023-23355 | HIGH | CVSS 7.2 | CWE-77 | fixed in h5.0.1.2348 | 2023-03-29
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2346 build 20230322 and later
QTS 4.
nvd
CVE-2022-27598 | LOW | CVSS 2.7 | CWE-125 | fixed in h5.0.1.2348 | 2023-03-29
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values.
The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
We have already fixed the vulnerability in the followin
nvd
CVE-2022-27597 | LOW | CVSS 2.7 | CWE-125 | fixed in h5.0.1.2348 | 2023-03-29
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values.
The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
We have already fixed the vulnerability in the followin
nvd
CVE-2022-27596 | CRITICAL | CVSS 9.8 | CWE-89 | ≥ h5.0.1, < h5.0.1.2248 | 2023-01-30
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code.
We have already fixed this vulnerability in the following versions of QuTS hero, QTS:
QuTS hero h5.0.1.2248 build 20221215 and later
QTS 5.0.1.2234 build 20221201 and later
nvd
CVE-2021-44051 | HIGH | CVSS 8.8 | CWE-77 | fixed in h4.5.4.1771; ≥ h5.0.0.1772, < h5.0.0.1986 | 2022-05-05
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands.
We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:
QuTScloud c5.0.1.1949 and later
QuTS hero h5.0.0.1986 build 20
nvd