Qnap Systems Inc Qts vulnerabilities
249 known vulnerabilities affecting qnap_systems_inc/qts.
Total CVEs
249
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
10
Severity breakdown
CRITICAL22HIGH111MEDIUM113LOW3
Vulnerabilities
Page 13 of 13
CVE-2024-37042P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-37042 [MEDIUM] CWE-476 CVE-2024-37042: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 an
nvd
CVE-2024-37045P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-37045 [MEDIUM] CWE-476 CVE-2024-37045: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 an
nvd
CVE-2023-41274P4MEDIUMCVSS 4.9≥ 5.1.x, < 5.1.2.2533 build 202309262024-02-02
CVE-2023-41274 [MEDIUM] CWE-476 CVE-2023-41274: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuT
nvd
CVE-2023-32969P4MEDIUMCVSS 4.8≥ 5.1.x, < 5.1.4.2596 build 202311282024-03-08
CVE-2023-32969 [MEDIUM] CWE-79 CVE-2023-32969: A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If
A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later
QTS 5.1.4.2596 build 20231128 and later
QuT
nvd
CVE-2023-50366P4MEDIUMCVSS 4.8≥ 5.1.x, < 5.1.6.2722 build 202404022024-09-06
CVE-2023-50366 [MEDIUM] CWE-79 CVE-2023-50366: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.273
nvd
CVE-2024-32765P4MEDIUMCVSS 4.2≥ 5.1.x, < 5.1.8.2823 build 202407122024-08-12
CVE-2024-32765 [MEDIUM] CWE-291 CVE-2024-32765: A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerabilit
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823
nvd
CVE-2024-32771P4LOWCVSS 2.4≥ 5.1.x, < 5.2.0.2782 build 202406012024-09-06
CVE-2024-32771 [LOW] CWE-307 CVE-2024-32771: An improper restriction of excessive authentication attempts vulnerability has been reported to affe
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.
QuTScloud is not affected.
We have alrea
nvd
CVE-2022-27598P4LOWCVSS 2.7≥ unspecified, < 5.0.1.2346 build 202303222023-03-29
CVE-2022-27598 [LOW] CWE-125 CVE-2022-27598: A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the followin
nvd
CVE-2022-27597P4LOWCVSS 2.7≥ unspecified, < 5.0.1.2346 build 202303222023-03-29
CVE-2022-27597 [LOW] CWE-125 CVE-2022-27597: A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the followin
nvd
← Previous13 / 13