Qnap Systems Inc Qts vulnerabilities
237 known vulnerabilities affecting qnap_systems_inc/qts.
Total CVEs
237
CISA KEV
4
actively exploited
Public exploits
1
Exploited in wild
5
Severity breakdown
CRITICAL17HIGH86MEDIUM98LOW36
Vulnerabilities
Page 6 of 12
CVE-2024-37044MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-37044 [MEDIUM] CWE-120 CVE-2024-37044: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
Qu
cvelistv5nvd
CVE-2024-37047MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-37047 [MEDIUM] CWE-120 CVE-2024-37047: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
Qu
cvelistv5nvd
CVE-2024-37046LOWCVSS 2.1≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-37046 [LOW] CWE-22 CVE-2024-37046: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 2
cvelistv5nvd
CVE-2024-50401LOWCVSS 2.1≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-50401 [LOW] CWE-134 CVE-2024-50401: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 2
cvelistv5nvd
CVE-2024-50398LOWCVSS 2.1≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-50398 [LOW] CWE-134 CVE-2024-50398: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 2
cvelistv5nvd
CVE-2024-50399LOWCVSS 2.1≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-50399 [LOW] CWE-134 CVE-2024-50399: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 2
cvelistv5nvd
CVE-2024-50400LOWCVSS 2.1≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-50400 [LOW] CWE-134 CVE-2024-50400: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 2
cvelistv5nvd
CVE-2023-51367HIGHCVSS 8.8≥ 5.1.x, < 5.1.6.2722 build 202404022024-09-06
CVE-2023-51367 [HIGH] CWE-120 CVE-2023-51367: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 a
cvelistv5nvd
CVE-2024-21898HIGHCVSS 8.8≥ 5.1.x, < 5.1.6.2722 build 202404022024-09-06
CVE-2024-21898 [HIGH] CWE-78 CVE-2024-21898: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and l
cvelistv5nvd
CVE-2024-38641HIGHCVSS 7.3≥ 5.1.x, < 5.1.8.2823 build 202407122024-09-06
CVE-2024-38641 [HIGH] CWE-77 CVE-2024-38641: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 202
cvelistv5nvd
CVE-2023-39298HIGHCVSS 7.8≥ 5.1.x, < 5.2.0.2737 build 202404172024-09-06
CVE-2023-39298 [HIGH] CWE-862 CVE-2023-39298: A missing authorization vulnerability has been reported to affect several QNAP operating system vers
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.
QuTScloud, is not affected.
We have already fixed the vulnerability in the
cvelistv5nvd
CVE-2023-34979HIGHCVSS 7.2≥ 4.5.x, < 4.5.4.2790 build 202406052024-09-06
CVE-2023-34979 [HIGH] CWE-78 CVE-2023-34979: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2790 build 2024
cvelistv5nvd
CVE-2023-39300HIGHCVSS 7.2≥ 4.3.6, < 4.3.6.2805 build 20240619≥ 4.3.4, < 4.3.4.2814 build 20240618+2 more2024-09-06
CVE-2023-39300 [HIGH] CWE-78 CVE-2023-39300: An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vuln
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build
cvelistv5nvd
CVE-2023-34974HIGHCVSS 8.8≥ 4.5.x, < 4.5.4.2790 build 202406052024-09-06
CVE-2023-34974 [HIGH] CWE-78 CVE-2023-34974: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
QuTScloud, QVR, QES are not affected.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.
cvelistv5nvd
CVE-2024-21897MEDIUMCVSS 5.4≥ 5.1.x, < 5.1.6.2722 build 202404022024-09-06
CVE-2024-21897 [MEDIUM] CWE-79 CVE-2024-21897: A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 2
cvelistv5nvd
CVE-2024-21903MEDIUMCVSS 4.7≥ 5.1.x, < 5.1.6.2722 build 202404022024-09-06
CVE-2024-21903 [MEDIUM] CWE-77 CVE-2024-21903: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20
cvelistv5nvd
CVE-2024-32763MEDIUMCVSS 5.3≥ 5.1.x, < 5.1.8.2823 build 202407122024-09-06
CVE-2024-32763 [MEDIUM] CWE-120 CVE-2024-32763: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823
cvelistv5nvd
CVE-2024-21904MEDIUMCVSS 6.5≥ 5.1.x, < 5.1.7.2770 build 202405202024-09-06
CVE-2024-21904 [MEDIUM] CWE-22 CVE-2024-21904: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.
cvelistv5nvd
CVE-2024-21906MEDIUMCVSS 4.7≥ 5.1.x, < 5.1.8.2823 build 202407122024-09-06
CVE-2024-21906 [MEDIUM] CWE-78 CVE-2024-21906: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20
cvelistv5nvd
CVE-2023-51368MEDIUMCVSS 6.5≥ 5.1.x, < 5.1.6.2722 build 202404022024-09-06
CVE-2023-51368 [MEDIUM] CWE-476 CVE-2023-51368: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 buil
cvelistv5nvd