Qnap Systems Inc Qts vulnerabilities

CVE-2023-32968 [HIGH] CWE-120 CVE-2023-32968: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533

CVE-2023-32975 [HIGH] CWE-120 CVE-2023-32975: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533

CVE-2023-23372 [MEDIUM] CWE-79 CVE-2023-23372: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS

CVE-2023-23367 [HIGH] CWE-78 CVE-2023-23367: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 2023

CVE-2023-23368 [CRITICAL] CWE-78 CVE-2023-23368: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h

CVE-2023-23369 [CRITICAL] CWE-77 CVE-2023-23369: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) a

CVE-2023-39301 [MEDIUM] CWE-918 CVE-2023-39301: A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operatin A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build

CVE-2023-32974 [HIGH] CWE-22 CVE-2023-32974: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.

CVE-2023-32973 [HIGH] CWE-120 CVE-2023-32973: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444

CVE-2023-34975 [HIGH] CWE-78 CVE-2023-34975: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and late

CVE-2023-32970 [MEDIUM] CWE-476 CVE-2023-32970: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515

CVE-2023-32971 [HIGH] CWE-120 CVE-2023-32971: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444

CVE-2023-32972 [HIGH] CWE-120 CVE-2023-32972: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444

CVE-2023-23363 [CRITICAL] CWE-120 CVE-2023-23363: A buffer copy without checking size of input vulnerability has been reported to affect QNAP operatin A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621

CVE-2023-23362 [HIGH] CWE-78 CVE-2023-23362: An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploit An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later

CVE-2023-34971 [HIGH] CWE-326 CVE-2023-34971: An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5

CVE-2023-34972 [MEDIUM] CWE-319 CVE-2023-34972: A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP ope A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 2

CVE-2023-34973 [MEDIUM] CWE-331 CVE-2023-34973: An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploit An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero

CVE-2023-23355 [HIGH] CWE-77 CVE-2023-23355: An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploit An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.

CVE-2022-27597 [LOW] CWE-125 CVE-2022-27597: A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the followin