cbcvebase.

Qnap Systems Inc Qts vulnerabilities

249 known vulnerabilities affecting qnap_systems_inc/qts.

Total CVEs
249
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
10
Severity breakdown
CRITICAL22HIGH111MEDIUM113LOW3

Vulnerabilities

Page 5 of 13
CVE-2023-41283P3HIGHCVSS 7.2≥ 5.1.x, < 5.1.4.2596 build 202311282024-02-02
CVE-2023-41283 [HIGH] CWE-77 CVE-2023-41283: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 2023
nvd
CVE-2023-41281P3HIGHCVSS 7.2≥ 5.1.x, < 5.1.4.2596 build 202311282024-02-02
CVE-2023-41281 [HIGH] CWE-77 CVE-2023-41281: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 2023
nvd
CVE-2023-41282P3HIGHCVSS 7.2≥ 5.1.x, < 5.1.4.2596 build 202311282024-02-02
CVE-2023-41282 [HIGH] CWE-77 CVE-2023-41282: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 2023
nvd
CVE-2024-38641P3HIGHCVSS 7.8≥ 5.1.x, < 5.1.8.2823 build 202407122024-09-06
CVE-2024-38641 [HIGH] CWE-77 CVE-2024-38641: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 202
nvd
CVE-2023-23355P3HIGHCVSS 7.2≥ 5.0.*, < 5.0.1.2346 build 20230322≥ 4.5.*, < 4.5.4.2374 build 202304162023-03-29
CVE-2023-23355 [HIGH] CWE-77 CVE-2023-23355: An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploit An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.
nvd
CVE-2023-39294P3HIGHCVSS 7.2≥ 5.1.x, < 5.1.3.2578 build 202311102024-01-05
CVE-2023-39294 [HIGH] CWE-78 CVE-2023-39294: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 2023
nvd
CVE-2023-47567P3HIGHCVSS 7.2≥ 5.1.x, < 5.1.5.2645 build 20240116≥ 4.5.x, < 4.5.4.2627 build 202312252024-02-02
CVE-2023-47567 [HIGH] CWE-78 CVE-2023-47567: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 an
nvd
CVE-2023-39302P3HIGHCVSS 7.2≥ 5.1.x, < 5.1.3.2578 build 202311102024-02-02
CVE-2023-39302 [HIGH] CWE-78 CVE-2023-39302: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 2023
nvd
CVE-2024-37041P3HIGHCVSS 7.2≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-37041 [HIGH] CWE-120 CVE-2024-37041: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS
nvd
CVE-2024-37044P3HIGHCVSS 7.2≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-37044 [HIGH] CWE-120 CVE-2024-37044: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS
nvd
CVE-2024-50398P3HIGHCVSS 7.2≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-50398 [HIGH] CWE-134 CVE-2024-50398: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build
nvd
CVE-2024-50399P3HIGHCVSS 7.2≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-50399 [HIGH] CWE-134 CVE-2024-50399: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build
nvd
CVE-2024-50400P3HIGHCVSS 7.2≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-50400 [HIGH] CWE-134 CVE-2024-50400: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build
nvd
CVE-2024-50401P3HIGHCVSS 7.2≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-50401 [HIGH] CWE-134 CVE-2024-50401: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build
nvd
CVE-2024-50402P3HIGHCVSS 7.2≥ 5.1.x, < 5.1.9.2954 build 20241120≥ 5.2.x, < 5.2.2.2950 build 202411142024-12-06
CVE-2024-50402 [HIGH] CWE-134 CVE-2024-50402: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build
nvd
CVE-2024-38638P3HIGHCVSS 7.2≥ 5.1.x, < 5.1.9.2954 build 202411202025-03-07
CVE-2024-38638 [HIGH] CWE-787 CVE-2024-38638: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versi An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. We have already fixed the vulnerability in the following versions: QTS 5.1
nvd
CVE-2024-50403P3HIGHCVSS 7.2≥ 5.2.x, < 5.2.2.2950 build 202411142024-12-06
CVE-2024-50403 [HIGH] CWE-134 CVE-2024-50403: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build
nvd
CVE-2024-48867P3HIGHCVSS 7.5≥ 5.1.x, < 5.1.9.2954 build 20241120≥ 5.2.x, < 5.2.2.2950 build 202411142024-12-06
CVE-2024-48867 [HIGH] CWE-93 CVE-2024-48867: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to a An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2
nvd
CVE-2024-48868P3HIGHCVSS 7.5≥ 5.1.x, < 5.1.9.2954 build 20241120≥ 5.2.x, < 5.2.2.2950 build 202411142024-12-06
CVE-2024-48868 [HIGH] CWE-93 CVE-2024-48868: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to a An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2
nvd
CVE-2023-32975P3HIGHCVSS 7.2≥ 5.0.x, < 5.0.1.2514 build 20230906≥ 5.1.x, < 5.1.2.2533 build 202309262023-12-08
CVE-2023-32975 [HIGH] CWE-120 CVE-2023-32975: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533
nvd
Qnap Systems Inc Qts vulnerabilities | cvebase