Qnap Systems Inc Qsync Central vulnerabilities

62 known vulnerabilities affecting qnap_systems_inc/qsync_central.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

HIGH20MEDIUM18LOW24

Vulnerabilities

Page 3 of 4

CVE-2025-44011MEDIUMCVSS 5.3≥ 4.x, < 5.0.0.1 ( 2025/07/09 )2025-10-03

CVE-2025-44011 [MEDIUM] CWE-476 CVE-2025-44011: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

cvelistv5nvd

CVE-2025-33034MEDIUMCVSS 5.3≥ 4.x, < 5.0.0.1 ( 2025/07/09 )2025-10-03

CVE-2025-33034 [MEDIUM] CWE-22 CVE-2025-33034: A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

cvelistv5nvd

CVE-2025-44008MEDIUMCVSS 5.3≥ 4.x, < 5.0.0.1 ( 2025/07/09 )2025-10-03

CVE-2025-44008 [MEDIUM] CWE-476 CVE-2025-44008: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

cvelistv5nvd

CVE-2025-44009MEDIUMCVSS 5.3≥ 4.x, < 5.0.0.1 ( 2025/07/09 )2025-10-03

CVE-2025-44009 [MEDIUM] CWE-476 CVE-2025-44009: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later

cvelistv5nvd

CVE-2025-33033HIGHCVSS 7.2≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-33033 [HIGH] CWE-22 CVE-2025-33033: A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

cvelistv5nvd

CVE-2025-29894HIGHCVSS 7.5≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-29894 [HIGH] CWE-89 CVE-2025-29894: An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

cvelistv5nvd

CVE-2025-30261HIGHCVSS 7.1≥ 5.0.x.x, < 5.0.0.0 ( 2025/06/13 )2025-08-29

CVE-2025-30261 [HIGH] CWE-770 CVE-2025-30261: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following vers

cvelistv5nvd

CVE-2025-33038HIGHCVSS 7.2≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-33038 [HIGH] CWE-22 CVE-2025-33038: A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

cvelistv5nvd

CVE-2025-30277HIGHCVSS 8.3≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-30277 [HIGH] CWE-295 CVE-2025-30277: An improper certificate validation vulnerability has been reported to affect Qsync Central. If a rem An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

cvelistv5nvd

CVE-2025-30278HIGHCVSS 8.3≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-30278 [HIGH] CWE-295 CVE-2025-30278: An improper certificate validation vulnerability has been reported to affect Qsync Central. If a rem An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

cvelistv5nvd

CVE-2025-33037HIGHCVSS 7.2≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-33037 [HIGH] CWE-22 CVE-2025-33037: A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

cvelistv5nvd

CVE-2025-33036HIGHCVSS 7.2≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-33036 [HIGH] CWE-22 CVE-2025-33036: A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

cvelistv5nvd

CVE-2025-30260HIGHCVSS 7.1≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-30260 [HIGH] CWE-770 CVE-2025-30260: An allocation of resources without limits or throttling vulnerability has been reported to affect Qs An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following vers

cvelistv5nvd

CVE-2025-29893HIGHCVSS 7.5≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-29893 [HIGH] CWE-89 CVE-2025-29893: An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

cvelistv5nvd

CVE-2025-29898MEDIUMCVSS 6.0≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-29898 [MEDIUM] CWE-400 CVE-2025-29898: An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a r An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

cvelistv5nvd

CVE-2025-30262MEDIUMCVSS 5.3≥ 5.0.x.x, < 5.0.0.0 ( 2025/06/13 )2025-08-29

CVE-2025-30262 [MEDIUM] CWE-476 CVE-2025-30262: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later

cvelistv5nvd

CVE-2025-30275MEDIUMCVSS 5.3≥ 4.5.x.x, < 4.5.0.7 ( 2025/04/23 )2025-08-29

CVE-2025-30275 [MEDIUM] CWE-476 CVE-2025-30275: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

cvelistv5nvd

CVE-2025-30263MEDIUMCVSS 5.3≥ 5.0.x.x, < 5.0.0.0 ( 2025/06/13 )2025-08-29

CVE-2025-30263 [MEDIUM] CWE-476 CVE-2025-30263: A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote atta A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later

cvelistv5nvd

CVE-2025-29892HIGHCVSS 8.7≥ 4.5.x.x, < 4.5.0.6 ( 2025/03/20 )2025-06-06

CVE-2025-29892 [HIGH] CWE-89 CVE-2025-29892: An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerab An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later

cvelistv5nvd

CVE-2025-22482LOWCVSS 2.3≥ 4.5.x.x, < 4.5.0.6 ( 2025/03/20 )2025-06-06

CVE-2025-22482 [LOW] CWE-134 CVE-2025-22482: A use of externally-controlled format string vulnerability has been reported to affect Qsync Central A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later

cvelistv5nvd

← Previous3 / 4Next →