cbcvebase.

QNAP Systems Inc. QTS vulnerabilities

249 known vulnerabilities affecting qnap_systems_inc/qts.

Total CVEs: 249
CISA KEV: 4 (actively exploited)
Public exploits: 3
Exploited in wild: 10
Severity breakdown: CRITICAL 22, HIGH 111, MEDIUM 113, LOW 3

Vulnerabilities

Page 8 of 13
CVE-2023-39298 | P3 | HIGH | CVSS 7.8 | ≥ 5.1.x, < 5.2.0.2737 build 20240417 | 2024-09-06
CVE-2023-39298 [HIGH] CWE-862: A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the
nvd
CVE-2018-19941 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 4.5.1.1456 | 2020-12-31
CVE-2018-19941 [HIGH] CWE-315: A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 2020
nvd
CVE-2022-27600 | P3 | HIGH | CVSS 7.5 | ≥ 5.0.x, < 5.0.1.2277; ≥ 4.5.x, < 4.5.4.2280 build 20230112 | 2024-12-19
CVE-2022-27600 [HIGH] CWE-400: An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and la
nvd
CVE-2025-52429 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.6.3195 build 20250715 | 2025-10-03
CVE-2025-52429 [MEDIUM] CWE-134: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 202
nvd
CVE-2025-53406 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.6.3195 build 20250715 | 2025-10-03
CVE-2025-53406 [MEDIUM] CWE-134: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 202
nvd
CVE-2025-53407 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.6.3195 build 20250715 | 2025-10-03
CVE-2025-53407 [MEDIUM] CWE-134: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 202
nvd
CVE-2025-53593 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.7.3256 build 20250913 | 2026-01-02
CVE-2025-53593 [MEDIUM] CWE-121: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2
nvd
CVE-2024-53693 | P3 | HIGH | CVSS 7.1 | ≥ 5.2.x, < 5.2.3.3006 build 20250108 | 2025-03-07
CVE-2024-53693 [HIGH] CWE-93: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20
nvd
CVE-2024-37050 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.1.2930 build 20241025 | 2024-11-22
CVE-2024-37050 [MEDIUM] CWE-120: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu
nvd
CVE-2024-37049 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.1.2930 build 20241025 | 2024-11-22
CVE-2024-37049 [MEDIUM] CWE-120: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu
nvd
CVE-2024-37047 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.1.2930 build 20241025 | 2024-11-22
CVE-2024-37047 [MEDIUM] CWE-120: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later Qu
nvd
CVE-2023-51366 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.1.x, < 5.1.6.2722 build 20240402 | 2024-09-06
CVE-2023-51366 [MEDIUM] CWE-22: A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.
nvd
CVE-2025-48721 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.8.3332 build 20251128 | 2026-01-02
CVE-2025-48721 [MEDIUM] CWE-120: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later
nvd
CVE-2024-21904 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.1.x, < 5.1.7.2770 build 20240520 | 2024-09-06
CVE-2024-21904 [MEDIUM] CWE-22: A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.
nvd
CVE-2023-32967 | P3 | MEDIUM | CVSS 6.5 | ≥ 4.5.x, < 4.5.4.2627 build 20231225 | 2024-02-02
CVE-2023-32967 [MEDIUM] CWE-285: An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.26
nvd
CVE-2025-62852 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.8.3332 build 20251128 | 2026-01-02
CVE-2025-62852 [MEDIUM] CWE-121: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later
nvd
CVE-2025-47208 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.6.3195 build 20250715 | 2026-01-02
CVE-2025-47208 [MEDIUM] CWE-770: An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerab
nvd
CVE-2025-30265 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.5.3145 build 20250526 | 2025-08-29
CVE-2025-30265 [MEDIUM] CWE-120: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 bu
nvd
CVE-2025-53592 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.7.3256 build 20250913 | 2026-01-02
CVE-2025-53592 [MEDIUM] CWE-476: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS he
nvd
CVE-2025-44013 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.2.x, < 5.2.6.3195 build 20250715 | 2026-01-02
CVE-2025-44013 [MEDIUM] CWE-476: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS he
nvd