QNAP QuTS Hero H5.1.5.2680 Build 20240220
Approved changes feed: RSS · Atom
cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:*:*:*:*:*:*
part: o version: h5.1.5.2680 update: build_20240220
| Vendor | Qnap (a402dda4-b7da-50eb-b0f8-700e564ee87d) |
|---|---|
| Product | Quts Hero (c808c21e-6b74-58ae-ac08-bf1b891081da) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-53691 |
vulnerable | 2026-06-03 14:57:39.884416 |
QTS, QuTS hero
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QTS 5.2.0.2802 build 20240620 and later
QuTS hero h5.1.8.2823 build 20240712 and later
QuTS hero h5.2.0.2802 build 20240620 and later
Published: 2024-12-06T16:34:54.018Z
Updated: 2025-01-24T04:55:42.067Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50403 |
vulnerable | 2026-06-03 14:57:24.183694 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:45.927Z
Updated: 2024-12-06T19:25:57.274Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50402 |
vulnerable | 2026-06-03 14:57:24.178565 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:39.547Z
Updated: 2024-12-06T19:26:18.132Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50393 |
vulnerable | 2026-06-03 14:57:24.157899 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:33.342Z
Updated: 2024-12-10T04:55:54.258Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48868 |
vulnerable | 2026-06-03 14:57:10.347180 |
QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:27.206Z
Updated: 2024-12-06T19:36:12.495Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48867 |
vulnerable | 2026-06-03 14:57:10.345213 |
QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:20.438Z
Updated: 2024-12-06T19:38:19.849Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48866 |
vulnerable | 2026-06-03 14:57:10.343509 |
QTS, QuTS hero
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:13.985Z
Updated: 2024-12-06T19:29:20.387Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48865 |
vulnerable | 2026-06-03 14:57:10.341604 |
QTS, QuTS hero
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:05.597Z
Updated: 2024-12-06T19:38:27.732Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48859 |
vulnerable | 2026-06-03 14:57:10.311231 |
QTS, QuTS hero
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:35:58.818Z
Updated: 2024-12-06T19:38:38.778Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38641 |
vulnerable | 2026-06-03 14:56:19.185841 |
QTS, QuTS hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
Published: 2024-09-06T16:27:46.814Z
Updated: 2024-09-06T17:04:38.717Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38638 |
vulnerable | 2026-06-03 14:56:19.175708 |
QTS, QuTS hero
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
QTS 5.2.x/QuTS hero h5.2.x are not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QuTS hero h5.1.9.2954 build 20241120 and later
Published: 2025-03-07T16:12:47.551Z
Updated: 2025-03-07T17:58:55.587Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32771 |
vulnerable | 2026-06-03 14:55:48.008046 |
QTS, QuTS hero
LOW (2.6)
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2782 build 20240601 and later
QuTS hero h5.2.0.2782 build 20240601 and later
Published: 2024-09-06T16:27:12.908Z
Updated: 2024-09-06T17:33:45.895Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32763 |
vulnerable | 2026-06-03 14:55:47.976586 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
Published: 2024-09-06T16:27:41.126Z
Updated: 2024-09-06T17:05:19.113Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27130 |
vulnerable | 2026-06-03 14:55:16.701754 |
QTS, QuTS hero
HIGH (7.2)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-05-21T16:08:46.881Z
Updated: 2024-08-02T00:27:59.262Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27129 |
vulnerable | 2026-06-03 14:55:16.700192 |
QTS, QuTS hero
MEDIUM (6.4)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-05-21T16:08:40.115Z
Updated: 2024-08-02T00:27:59.066Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27128 |
vulnerable | 2026-06-03 14:55:16.698843 |
QTS, QuTS hero
MEDIUM (6.4)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-05-21T16:08:34.365Z
Updated: 2024-08-02T00:27:59.337Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27127 |
vulnerable | 2026-06-03 14:55:16.696700 |
QTS, QuTS hero
HIGH (7.2)
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-05-21T16:08:29.155Z
Updated: 2024-08-02T00:27:59.797Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21906 |
vulnerable | 2026-06-03 14:54:51.266946 |
QTS, QuTS hero
MEDIUM (4.7)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
Published: 2024-09-06T16:27:36.257Z
Updated: 2024-09-06T17:06:25.449Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21904 |
vulnerable | 2026-06-03 14:54:51.258081 |
QTS, QuTS hero
MEDIUM (5.9)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-09-06T16:26:45.983Z
Updated: 2024-09-06T17:47:40.203Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21903 |
vulnerable | 2026-06-03 14:54:51.257090 |
QTS, QuTS hero
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:27.970Z
Updated: 2024-09-06T17:27:44.415Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21902 |
vulnerable | 2026-06-03 14:54:51.254378 |
QTS, QuTS hero
MEDIUM (6.4)
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-05-21T16:08:14.291Z
Updated: 2024-08-01T22:35:33.414Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21898 |
vulnerable | 2026-06-03 14:54:51.228276 |
QTS, QuTS hero
HIGH (8.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:24.271Z
Updated: 2024-09-06T17:43:29.571Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21897 |
vulnerable | 2026-06-03 14:54:51.225713 |
QTS, QuTS hero
HIGH (8.9)
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:19.971Z
Updated: 2024-09-06T17:34:27.664Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-14026 |
vulnerable | 2026-06-03 14:54:25.907340 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2026-03-11T08:02:13.413Z
Updated: 2026-03-12T03:55:17.771Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51368 |
vulnerable | 2026-06-03 14:53:32.051511 |
QTS, QuTS hero
MEDIUM (5.4)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:15.562Z
Updated: 2024-09-06T17:34:51.382Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51367 |
vulnerable | 2026-06-03 14:53:32.050443 |
QTS, QuTS hero
MEDIUM (5.4)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:10.766Z
Updated: 2024-09-06T17:39:58.509Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51366 |
vulnerable | 2026-06-03 14:53:32.049315 |
QTS, QuTS hero
HIGH (8.7)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:04.945Z
Updated: 2024-09-06T17:40:37.404Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50366 |
vulnerable | 2026-06-03 14:53:30.972422 |
QTS, QuTS hero
MEDIUM (4.3)
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:25:57.242Z
Updated: 2024-09-06T17:40:59.844Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50364 |
vulnerable | 2026-06-03 14:53:30.971277 |
QTS, QuTS hero
MEDIUM (6.4)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-04-26T15:01:12.216Z
Updated: 2024-08-02T22:16:46.326Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50363 |
vulnerable | 2026-06-03 14:53:30.970042 |
QTS, QuTS hero
HIGH (7.4)
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-04-26T15:01:16.523Z
Updated: 2024-08-02T22:16:46.611Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50362 |
vulnerable | 2026-06-03 14:53:30.969095 |
QTS, QuTS hero
MEDIUM (5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-04-26T15:01:20.310Z
Updated: 2024-08-02T22:16:46.740Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50361 |
vulnerable | 2026-06-03 14:53:30.966893 |
QTS, QuTS hero
MEDIUM (5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-04-26T15:01:23.907Z
Updated: 2024-08-02T22:16:46.330Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39298 |
vulnerable | 2026-06-03 14:52:38.581437 |
QTS, QuTS hero
HIGH (7.8)
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.
QuTScloud, is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2737 build 20240417 and later
QuTS hero h5.2.0.2782 build 20240601 and later
Published: 2024-09-06T16:27:08.552Z
Updated: 2024-09-06T17:43:57.324Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.