Qnap Systems Inc Qutscloud vulnerabilities
58 known vulnerabilities affecting qnap_systems_inc/qutscloud.
Total CVEs
58
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL5HIGH36MEDIUM17
Vulnerabilities
Page 2 of 3
CVE-2023-45035HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-45035 [HIGH] CWE-120 CVE-2023-45035: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.
cvelistv5nvd
CVE-2023-41283HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-41283 [HIGH] CWE-77 CVE-2023-41283: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 2023
cvelistv5nvd
CVE-2023-41278HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-41278 [HIGH] CWE-120 CVE-2023-41278: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.
cvelistv5nvd
CVE-2023-41276HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-41276 [HIGH] CWE-120 CVE-2023-41276: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.
cvelistv5nvd
CVE-2023-41277HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-41277 [HIGH] CWE-120 CVE-2023-41277: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.
cvelistv5nvd
CVE-2023-41281HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-41281 [HIGH] CWE-77 CVE-2023-41281: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 2023
cvelistv5nvd
CVE-2023-47567HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-47567 [HIGH] CWE-78 CVE-2023-47567: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 an
cvelistv5nvd
CVE-2023-41282HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-41282 [HIGH] CWE-77 CVE-2023-41282: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 2023
cvelistv5nvd
CVE-2023-45037HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-45037 [HIGH] CWE-120 CVE-2023-45037: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.
cvelistv5nvd
CVE-2023-41292HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-41292 [HIGH] CWE-120 CVE-2023-41292: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.
cvelistv5nvd
CVE-2023-41279HIGHCVSS 7.2≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-41279 [HIGH] CWE-120 CVE-2023-41279: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.
cvelistv5nvd
CVE-2023-45028MEDIUMCVSS 4.9≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-45028 [MEDIUM] CWE-400 CVE-2023-45028: An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operatin
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and
cvelistv5nvd
CVE-2023-41274MEDIUMCVSS 4.9≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-41274 [MEDIUM] CWE-476 CVE-2023-41274: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuT
cvelistv5nvd
CVE-2023-32967MEDIUMCVSS 6.5≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-32967 [MEDIUM] CWE-285 CVE-2023-32967: An incorrect authorization vulnerability has been reported to affect several QNAP operating system v
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.
QTS 5.x, QuTS hero are not affected.
We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.26
cvelistv5nvd
CVE-2023-45026MEDIUMCVSS 4.9≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-45026 [MEDIUM] CWE-22 CVE-2023-45026: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116
cvelistv5nvd
CVE-2023-45027MEDIUMCVSS 4.9≥ c5.x.x, < c5.1.5.26512024-02-02
CVE-2023-45027 [MEDIUM] CWE-22 CVE-2023-45027: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116
cvelistv5nvd
CVE-2023-23367HIGHCVSS 7.2≥ c5.x.x, < c5.1.0.24982023-11-10
CVE-2023-23367 [HIGH] CWE-78 CVE-2023-23367: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.1.2376 build 2023
cvelistv5nvd
CVE-2023-23368CRITICALCVSS 9.8≥ c5.x.x, < c5.0.1.23742023-11-03
CVE-2023-23368 [CRITICAL] CWE-78 CVE-2023-23368: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h
cvelistv5nvd
CVE-2023-39301MEDIUMCVSS 4.3≥ c5.x.x, < c5.1.0.24982023-11-03
CVE-2023-39301 [MEDIUM] CWE-918 CVE-2023-39301: A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operatin
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.1.2491 build
cvelistv5nvd
CVE-2023-32974HIGHCVSS 7.5≥ c5.x, < c5.1.0.24982023-10-13
CVE-2023-32974 [HIGH] CWE-22 CVE-2023-32974: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.
cvelistv5nvd