Approved changes feed: RSS · Atom
cpe:2.3:a:qnap_systems_inc.:qts:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Qnap Systems Inc. (1f66ac1e-0889-51bf-b27f-24c7175e5920) |
|---|---|
| Product | Qts (73d60553-ff35-5220-babc-70e7d4a7e3b7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-9110 |
vulnerable | 2026-06-03 15:13:45.432799 |
QTS, QuTS hero
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T15:17:29.481Z
Updated: 2026-01-02T19:14:42.164Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-66277 |
vulnerable | 2026-06-03 15:09:41.917913 |
QTS, QuTS hero
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3350 build 20251216 and later
QuTS hero h5.3.2.3354 build 20251225 and later
QuTS hero h5.2.8.3350 build 20251216 and later
Published: 2026-02-11T12:15:43.851Z
Updated: 2026-02-26T14:44:26.986Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62852 |
vulnerable | 2026-06-03 15:09:35.478121 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
QTS 5.2.8.3332 build 20251128 and later
Published: 2026-01-02T15:19:40.492Z
Updated: 2026-01-05T20:38:31.940Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62849 |
vulnerable | 2026-06-03 15:09:35.475317 |
QTS, QuTS hero
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
Published: 2025-12-16T02:24:58.273Z
Updated: 2026-02-26T16:07:33.754Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62848 |
vulnerable | 2026-06-03 15:09:35.471803 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
Published: 2025-12-16T02:25:04.815Z
Updated: 2026-03-18T03:55:46.939Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62847 |
vulnerable | 2026-06-03 15:09:35.424540 |
QTS, QuTS hero
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
Published: 2025-12-16T02:25:11.210Z
Updated: 2026-03-18T13:05:56.224Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59385 |
vulnerable | 2026-06-03 15:06:25.036434 |
QTS, QuTS hero
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024 and later
QuTS hero h5.3.1.3292 build 20251024 and later
Published: 2025-12-16T02:25:16.661Z
Updated: 2026-02-26T16:07:33.359Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59381 |
vulnerable | 2026-06-03 15:06:25.021557 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
Published: 2026-01-02T15:19:09.271Z
Updated: 2026-01-05T20:38:50.555Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59380 |
vulnerable | 2026-06-03 15:06:25.011414 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
Published: 2026-01-02T15:18:56.977Z
Updated: 2026-01-02T19:10:29.579Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-58466 |
vulnerable | 2026-06-03 15:06:21.717430 |
QTS, QuTS hero
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
Published: 2026-02-11T12:16:55.139Z
Updated: 2026-02-11T16:54:52.712Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57705 |
vulnerable | 2026-06-03 15:04:59.895238 |
QTS, QuTS hero
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:57:17.408Z
Updated: 2026-01-02T19:15:26.326Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54166 |
vulnerable | 2026-06-03 15:04:55.133420 |
QTS, QuTS hero
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:57:05.534Z
Updated: 2026-01-02T19:16:09.640Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54165 |
vulnerable | 2026-06-03 15:04:55.130677 |
QTS, QuTS hero
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:56:54.985Z
Updated: 2026-01-02T19:16:42.072Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54164 |
vulnerable | 2026-06-03 15:04:55.097694 |
QTS, QuTS hero
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:56:43.726Z
Updated: 2026-01-02T19:17:21.484Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53596 |
vulnerable | 2026-06-03 15:03:54.362614 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:56:33.274Z
Updated: 2026-01-05T20:38:55.696Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53593 |
vulnerable | 2026-06-03 15:03:54.331056 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:56:24.161Z
Updated: 2026-01-05T20:39:01.408Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53592 |
vulnerable | 2026-06-03 15:03:54.329935 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:56:13.513Z
Updated: 2026-01-05T20:39:07.353Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53591 |
vulnerable | 2026-06-03 15:03:54.328892 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:55:54.769Z
Updated: 2026-01-05T20:39:12.642Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53590 |
vulnerable | 2026-06-03 15:03:54.327760 |
QTS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
QTS 5.2.7.3256 build 20250913 and later
Published: 2026-01-02T14:55:37.460Z
Updated: 2026-01-05T20:39:19.236Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53589 |
vulnerable | 2026-06-03 15:03:54.326656 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:55:11.688Z
Updated: 2026-01-05T20:39:24.834Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53414 |
vulnerable | 2026-06-03 15:03:53.996325 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:54:54.455Z
Updated: 2026-01-02T19:17:55.858Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53407 |
vulnerable | 2026-06-03 15:03:53.993545 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:14:42.829Z
Updated: 2025-10-03T19:09:52.630Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53406 |
vulnerable | 2026-06-03 15:03:53.992662 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:14:36.797Z
Updated: 2025-10-03T19:10:06.668Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-53405 |
vulnerable | 2026-06-03 15:03:53.991475 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:54:39.877Z
Updated: 2026-01-02T19:19:33.876Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52872 |
vulnerable | 2026-06-03 15:03:52.630547 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.0.3192 build 20250716 and later
Published: 2026-01-02T14:54:25.736Z
Updated: 2026-01-02T19:20:02.277Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52866 |
vulnerable | 2026-06-03 15:03:52.619559 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:14:20.905Z
Updated: 2025-10-03T19:10:32.185Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52864 |
vulnerable | 2026-06-03 15:03:52.587482 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.0.3192 build 20250716 and later
Published: 2026-01-02T14:54:14.636Z
Updated: 2026-01-02T19:21:12.711Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52863 |
vulnerable | 2026-06-03 15:03:52.586246 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.0.3192 build 20250716 and later
Published: 2026-01-02T14:53:57.755Z
Updated: 2026-01-02T19:21:59.941Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52862 |
vulnerable | 2026-06-03 15:03:52.584992 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:14:13.658Z
Updated: 2025-10-03T19:10:42.739Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52860 |
vulnerable | 2026-06-03 15:03:52.583835 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:12:22.605Z
Updated: 2025-10-03T19:10:53.233Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52859 |
vulnerable | 2026-06-03 15:03:52.582874 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:12:16.583Z
Updated: 2025-10-03T19:11:12.494Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52858 |
vulnerable | 2026-06-03 15:03:52.581988 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:12:09.818Z
Updated: 2025-10-03T19:11:24.029Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52857 |
vulnerable | 2026-06-03 15:03:52.581046 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:12:03.119Z
Updated: 2025-10-03T19:11:34.444Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52855 |
vulnerable | 2026-06-03 15:03:52.559531 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:56.405Z
Updated: 2025-10-03T19:11:44.238Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52854 |
vulnerable | 2026-06-03 15:03:52.558601 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:49.041Z
Updated: 2025-10-03T19:11:52.322Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52853 |
vulnerable | 2026-06-03 15:03:52.556477 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:42.913Z
Updated: 2025-10-03T19:12:08.464Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52433 |
vulnerable | 2026-06-03 15:01:59.207835 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:36.758Z
Updated: 2025-10-03T19:13:27.504Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52432 |
vulnerable | 2026-06-03 15:01:59.205280 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
and later
QuTS hero h5.2.6.3195 build 20250715 and later
QuTS hero h5.3.0.3192 build 20250716 and later
Published: 2025-10-03T18:11:30.922Z
Updated: 2025-10-03T20:46:02.157Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52431 |
vulnerable | 2026-06-03 15:01:59.202514 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:53:37.139Z
Updated: 2026-01-02T19:23:21.424Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52430 |
vulnerable | 2026-06-03 15:01:59.193673 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:53:23.512Z
Updated: 2026-01-02T19:24:13.674Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52429 |
vulnerable | 2026-06-03 15:01:59.191307 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:24.368Z
Updated: 2025-10-03T20:46:16.009Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52428 |
vulnerable | 2026-06-03 15:01:59.188377 |
QTS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:17.308Z
Updated: 2025-10-03T20:46:24.803Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52427 |
vulnerable | 2026-06-03 15:01:59.182016 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:10.864Z
Updated: 2025-10-03T20:46:37.025Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52426 |
vulnerable | 2026-06-03 15:01:59.171033 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 build 20250913 and later
QuTS hero h5.3.1.3250 build 20250912 and later
Published: 2026-01-02T14:53:10.624Z
Updated: 2026-01-02T19:25:16.745Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52424 |
vulnerable | 2026-06-03 15:01:59.144793 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:11:04.091Z
Updated: 2025-10-03T20:47:34.895Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48730 |
vulnerable | 2026-06-03 15:01:35.207059 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:57.322Z
Updated: 2025-10-03T20:47:53.789Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48729 |
vulnerable | 2026-06-03 15:01:35.205224 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:51.245Z
Updated: 2025-10-06T17:16:57.435Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48728 |
vulnerable | 2026-06-03 15:01:35.203666 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:45.768Z
Updated: 2025-10-03T18:59:15.931Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48727 |
vulnerable | 2026-06-03 15:01:35.202077 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:39.613Z
Updated: 2025-10-03T18:58:24.023Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48726 |
vulnerable | 2026-06-03 15:01:35.200240 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:33.458Z
Updated: 2025-10-03T18:57:50.791Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48721 |
vulnerable | 2026-06-03 15:01:35.185231 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
QTS 5.2.8.3332 build 20251128 and later
Published: 2026-01-02T15:17:38.864Z
Updated: 2026-01-02T19:13:09.727Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47214 |
vulnerable | 2026-06-03 15:01:28.685191 |
QTS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
and later
Published: 2025-10-03T18:10:26.403Z
Updated: 2025-10-03T18:57:05.857Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47213 |
vulnerable | 2026-06-03 15:01:28.683361 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:17.500Z
Updated: 2025-10-03T18:56:27.652Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47212 |
vulnerable | 2026-06-03 15:01:28.680925 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:11.466Z
Updated: 2026-02-26T17:48:20.794Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47211 |
vulnerable | 2026-06-03 15:01:28.678891 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2025-10-03T18:10:04.837Z
Updated: 2025-10-03T18:53:40.403Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47208 |
vulnerable | 2026-06-03 15:01:28.668703 |
QTS, QuTS hero
An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2026-01-02T14:52:49.669Z
Updated: 2026-01-02T19:25:58.843Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47205 |
vulnerable | 2026-06-03 15:01:28.643509 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS hero h5.2.8.3321 build 20251117 and later
Published: 2026-02-11T12:19:44.097Z
Updated: 2026-02-11T14:33:22.912Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-44013 |
vulnerable | 2026-06-03 15:01:18.467655 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
Published: 2026-01-02T14:52:34.169Z
Updated: 2026-01-02T19:26:32.750Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-33032 |
vulnerable | 2026-06-03 15:00:42.711677 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:51.497Z
Updated: 2025-08-29T18:22:12.579Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30274 |
vulnerable | 2026-06-03 15:00:27.641446 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:31.717Z
Updated: 2025-08-29T18:22:37.804Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30273 |
vulnerable | 2026-06-03 15:00:27.640057 |
QTS, QuTS hero
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:27.210Z
Updated: 2025-08-29T18:22:44.930Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30272 |
vulnerable | 2026-06-03 15:00:27.638020 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:22.812Z
Updated: 2025-08-29T18:22:51.109Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30271 |
vulnerable | 2026-06-03 15:00:27.635349 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:18.464Z
Updated: 2025-08-29T18:22:57.195Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30270 |
vulnerable | 2026-06-03 15:00:27.633833 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:13.816Z
Updated: 2025-08-29T18:23:04.907Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30268 |
vulnerable | 2026-06-03 15:00:27.631508 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:08.724Z
Updated: 2025-08-29T18:23:10.854Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30267 |
vulnerable | 2026-06-03 15:00:27.629218 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:16:03.790Z
Updated: 2025-08-29T18:23:17.830Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30265 |
vulnerable | 2026-06-03 15:00:27.627249 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:15:58.561Z
Updated: 2025-08-29T18:23:23.852Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30264 |
vulnerable | 2026-06-03 15:00:27.609518 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:15:53.952Z
Updated: 2026-02-26T17:47:48.098Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-29882 |
vulnerable | 2026-06-03 15:00:14.820047 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
Published: 2025-08-29T17:14:18.812Z
Updated: 2025-08-29T18:25:05.280Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-22481 |
vulnerable | 2026-06-03 14:59:40.064577 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.4.3079 build 20250321 and later
QuTS hero h5.2.4.3079 build 20250321 and later
Published: 2025-06-06T15:53:18.696Z
Updated: 2026-02-26T17:51:06.890Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56805 |
vulnerable | 2026-06-03 14:57:50.318537 |
QTS, QuTS hero
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.4.3079 build 20250321 and later
QuTS hero h5.2.4.3079 build 20250321 and later
Published: 2025-06-06T15:53:13.936Z
Updated: 2025-06-06T16:35:40.607Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53699 |
vulnerable | 2026-06-03 14:57:39.920012 |
QTS, QuTS hero
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:14:15.735Z
Updated: 2025-03-07T17:52:52.877Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53698 |
vulnerable | 2026-06-03 14:57:39.919020 |
QTS, QuTS hero
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:14:08.713Z
Updated: 2025-03-07T17:53:17.143Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53697 |
vulnerable | 2026-06-03 14:57:39.917944 |
QTS, QuTS hero
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:14:01.565Z
Updated: 2025-03-07T17:53:42.938Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53696 |
vulnerable | 2026-06-03 14:57:39.911434 |
QuLog Center
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.829 ( 2024/10/01 ) and later
QuLog Center 1.8.0.888 ( 2024/10/15 ) and later
QTS 4.5.4.2957 build 20241119 and later
QuTS hero h4.5.4.2956 build 20241119 and later
Published: 2025-03-07T16:13:55.595Z
Updated: 2025-03-07T17:54:11.651Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53693 |
vulnerable | 2026-06-03 14:57:39.898061 |
QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:13:29.581Z
Updated: 2025-03-07T17:08:09.353Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53692 |
vulnerable | 2026-06-03 14:57:39.888586 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:13:23.099Z
Updated: 2025-03-07T17:11:12.796Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53691 |
vulnerable | 2026-06-03 14:57:39.868637 |
QTS, QuTS hero
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QTS 5.2.0.2802 build 20240620 and later
QuTS hero h5.1.8.2823 build 20240712 and later
QuTS hero h5.2.0.2802 build 20240620 and later
Published: 2024-12-06T16:34:54.018Z
Updated: 2025-01-24T04:55:42.067Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50405 |
vulnerable | 2026-06-03 14:57:24.203716 |
QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2025-03-07T16:13:17.099Z
Updated: 2025-03-07T17:14:37.498Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50403 |
vulnerable | 2026-06-03 14:57:24.182740 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:45.927Z
Updated: 2024-12-06T19:25:57.274Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50402 |
vulnerable | 2026-06-03 14:57:24.177600 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:39.547Z
Updated: 2024-12-06T19:26:18.132Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50401 |
vulnerable | 2026-06-03 14:57:24.176614 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:30:59.166Z
Updated: 2024-11-22T16:45:59.583Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50400 |
vulnerable | 2026-06-03 14:57:24.175515 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:31:13.326Z
Updated: 2024-11-22T16:44:57.456Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50399 |
vulnerable | 2026-06-03 14:57:24.174670 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:31:20.542Z
Updated: 2024-11-22T16:44:49.629Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50398 |
vulnerable | 2026-06-03 14:57:24.173704 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:31:27.533Z
Updated: 2024-11-22T16:44:57.341Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50397 |
vulnerable | 2026-06-03 14:57:24.172401 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:31:34.360Z
Updated: 2024-11-22T16:44:57.191Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50396 |
vulnerable | 2026-06-03 14:57:24.171492 |
QTS, QuTS hero
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:31:41.184Z
Updated: 2024-11-22T16:44:57.056Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-50393 |
vulnerable | 2026-06-03 14:57:24.138628 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:33.342Z
Updated: 2024-12-10T04:55:54.258Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48868 |
vulnerable | 2026-06-03 14:57:10.346159 |
QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:27.206Z
Updated: 2024-12-06T19:36:12.495Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48867 |
vulnerable | 2026-06-03 14:57:10.344397 |
QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:20.438Z
Updated: 2024-12-06T19:38:19.849Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48866 |
vulnerable | 2026-06-03 14:57:10.342620 |
QTS, QuTS hero
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:13.985Z
Updated: 2024-12-06T19:29:20.387Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48865 |
vulnerable | 2026-06-03 14:57:10.340811 |
QTS, QuTS hero
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:36:05.597Z
Updated: 2024-12-06T19:38:27.732Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-48859 |
vulnerable | 2026-06-03 14:57:10.290335 |
QTS, QuTS hero
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
Published: 2024-12-06T16:35:58.818Z
Updated: 2024-12-06T19:38:38.778Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38641 |
vulnerable | 2026-06-03 14:56:19.185109 |
QTS, QuTS hero
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
Published: 2024-09-06T16:27:46.814Z
Updated: 2024-09-06T17:04:38.717Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38638 |
vulnerable | 2026-06-03 14:56:19.160270 |
QTS, QuTS hero
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
QTS 5.2.x/QuTS hero h5.2.x are not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QuTS hero h5.1.9.2954 build 20241120 and later
Published: 2025-03-07T16:12:47.551Z
Updated: 2025-03-07T17:58:55.587Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37050 |
vulnerable | 2026-06-03 14:56:05.549085 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:32:44.371Z
Updated: 2024-11-22T17:05:00.904Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37049 |
vulnerable | 2026-06-03 14:56:05.548308 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:32:49.741Z
Updated: 2024-11-22T17:05:00.765Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37048 |
vulnerable | 2026-06-03 14:56:05.547530 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:32:56.395Z
Updated: 2024-11-22T17:05:01.325Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37047 |
vulnerable | 2026-06-03 14:56:05.546861 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:03.459Z
Updated: 2024-11-22T17:05:00.638Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37046 |
vulnerable | 2026-06-03 14:56:05.545894 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:09.701Z
Updated: 2024-11-22T17:05:01.576Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37045 |
vulnerable | 2026-06-03 14:56:05.544958 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:15.661Z
Updated: 2024-11-22T17:05:01.188Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37044 |
vulnerable | 2026-06-03 14:56:05.543816 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:22.007Z
Updated: 2024-11-22T17:05:00.517Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37043 |
vulnerable | 2026-06-03 14:56:05.542996 |
QTS, QuTS hero
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:29.576Z
Updated: 2024-11-22T17:05:01.457Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37042 |
vulnerable | 2026-06-03 14:56:05.542068 |
QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:35.425Z
Updated: 2024-11-22T17:05:01.042Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-37041 |
vulnerable | 2026-06-03 14:56:05.533004 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
Published: 2024-11-22T15:33:41.157Z
Updated: 2024-11-22T17:05:00.340Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32771 |
vulnerable | 2026-06-03 14:55:48.002913 |
QTS, QuTS hero
LOW (2.6)
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2782 build 20240601 and later
QuTS hero h5.2.0.2782 build 20240601 and later
Published: 2024-09-06T16:27:12.908Z
Updated: 2024-09-06T17:33:45.895Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32766 |
vulnerable | 2026-06-03 14:55:47.994305 |
QTS, QuTS hero, QuTScloud
CRITICAL (10)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-04-26T15:00:43.258Z
Updated: 2024-08-02T02:20:35.334Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32765 |
vulnerable | 2026-06-03 14:55:47.985835 |
QTS, QuTS hero
MEDIUM (4.2)
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
Published: 2024-08-09T17:09:46.468Z
Updated: 2024-08-09T18:20:43.861Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32763 |
vulnerable | 2026-06-03 14:55:47.961738 |
QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
Published: 2024-09-06T16:27:41.126Z
Updated: 2024-09-06T17:05:19.113Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27130 |
vulnerable | 2026-06-03 14:55:16.701259 |
QTS, QuTS hero
HIGH (7.2)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-05-21T16:08:46.881Z
Updated: 2024-08-02T00:27:59.262Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27129 |
vulnerable | 2026-06-03 14:55:16.699471 |
QTS, QuTS hero
MEDIUM (6.4)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-05-21T16:08:40.115Z
Updated: 2024-08-02T00:27:59.066Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27128 |
vulnerable | 2026-06-03 14:55:16.697900 |
QTS, QuTS hero
MEDIUM (6.4)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-05-21T16:08:34.365Z
Updated: 2024-08-02T00:27:59.337Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27127 |
vulnerable | 2026-06-03 14:55:16.684717 |
QTS, QuTS hero
HIGH (7.2)
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-05-21T16:08:29.155Z
Updated: 2024-08-02T00:27:59.797Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27124 |
vulnerable | 2026-06-03 14:55:16.674440 |
QTS, QuTS hero, QuTScloud
HIGH (7.5)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-04-26T15:00:55.893Z
Updated: 2024-08-02T00:27:59.078Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21906 |
vulnerable | 2026-06-03 14:54:51.259226 |
QTS, QuTS hero
MEDIUM (4.7)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
Published: 2024-09-06T16:27:36.257Z
Updated: 2024-09-06T17:06:25.449Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21905 |
vulnerable | 2026-06-03 14:54:51.258537 |
QTS, QuTS hero, QuTScloud
MEDIUM (6.5)
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-04-26T15:01:00.169Z
Updated: 2024-08-12T19:31:28.640Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21904 |
vulnerable | 2026-06-03 14:54:51.257559 |
QTS, QuTS hero
MEDIUM (5.9)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-09-06T16:26:45.983Z
Updated: 2024-09-06T17:47:40.203Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21903 |
vulnerable | 2026-06-03 14:54:51.256678 |
QTS, QuTS hero
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:27.970Z
Updated: 2024-09-06T17:27:44.415Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21902 |
vulnerable | 2026-06-03 14:54:51.251706 |
QTS, QuTS hero
MEDIUM (6.4)
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Published: 2024-05-21T16:08:14.291Z
Updated: 2024-08-01T22:35:33.414Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21901 |
vulnerable | 2026-06-03 14:54:51.247899 |
myQNAPcloud
MEDIUM (4.7)
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
myQNAPcloud 1.0.52 ( 2023/11/24 ) and later
QTS 4.5.4.2627 build 20231225 and later
Published: 2024-03-08T16:17:34.753Z
Updated: 2024-08-01T22:35:34.478Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21900 |
vulnerable | 2026-06-03 14:54:51.242437 |
QTS, QuTS hero, QuTScloud
MEDIUM (4.3)
An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-03-08T16:17:29.628Z
Updated: 2025-12-16T18:13:18.660Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21899 |
vulnerable | 2026-06-03 14:54:51.235902 |
QTS, QuTS hero, QuTScloud
CRITICAL (9.8)
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-03-08T16:17:25.243Z
Updated: 2024-08-01T22:35:34.557Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21898 |
vulnerable | 2026-06-03 14:54:51.227682 |
QTS, QuTS hero
HIGH (8.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:24.271Z
Updated: 2024-09-06T17:43:29.571Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21897 |
vulnerable | 2026-06-03 14:54:51.212103 |
QTS, QuTS hero
HIGH (8.9)
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:19.971Z
Updated: 2024-09-06T17:34:27.664Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-14026 |
vulnerable | 2026-06-03 14:54:25.888698 |
QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Published: 2026-03-11T08:02:13.413Z
Updated: 2026-03-12T03:55:17.771Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-13086 |
vulnerable | 2026-06-03 14:54:23.696031 |
QTS, QuTS hero
MEDIUM (5.3)
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QTS 5.2.0.2851 build 20240808 and later
QuTS hero h5.2.0.2851 build 20240808 and later
Published: 2025-03-07T16:12:39.065Z
Updated: 2025-03-07T17:55:56.464Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51368 |
vulnerable | 2026-06-03 14:53:32.051002 |
QTS, QuTS hero
MEDIUM (5.4)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:15.562Z
Updated: 2024-09-06T17:34:51.382Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51367 |
vulnerable | 2026-06-03 14:53:32.049876 |
QTS, QuTS hero
MEDIUM (5.4)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:10.766Z
Updated: 2024-09-06T17:39:58.509Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51366 |
vulnerable | 2026-06-03 14:53:32.048796 |
QTS, QuTS hero
HIGH (8.7)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:26:04.945Z
Updated: 2024-09-06T17:40:37.404Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51365 |
vulnerable | 2026-06-03 14:53:32.047879 |
QTS, QuTS hero, QuTScloud
HIGH (8.7)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-04-26T15:01:04.335Z
Updated: 2024-08-02T22:32:09.027Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51364 |
vulnerable | 2026-06-03 14:53:32.030083 |
QTS, QuTS hero, QuTScloud
HIGH (8.7)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-04-26T15:01:08.345Z
Updated: 2024-08-02T22:32:09.120Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50366 |
vulnerable | 2026-06-03 14:53:30.972023 |
QTS, QuTS hero
MEDIUM (4.3)
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-09-06T16:25:57.242Z
Updated: 2024-09-06T17:40:59.844Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50364 |
vulnerable | 2026-06-03 14:53:30.970816 |
QTS, QuTS hero
MEDIUM (6.4)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-04-26T15:01:12.216Z
Updated: 2024-08-02T22:16:46.326Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50363 |
vulnerable | 2026-06-03 14:53:30.969639 |
QTS, QuTS hero
HIGH (7.4)
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-04-26T15:01:16.523Z
Updated: 2024-08-02T22:16:46.611Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50362 |
vulnerable | 2026-06-03 14:53:30.968698 |
QTS, QuTS hero
MEDIUM (5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-04-26T15:01:20.310Z
Updated: 2024-08-02T22:16:46.740Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50361 |
vulnerable | 2026-06-03 14:53:30.961302 |
QTS, QuTS hero
MEDIUM (5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
Published: 2024-04-26T15:01:23.907Z
Updated: 2024-08-02T22:16:46.330Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50359 |
vulnerable | 2026-06-03 14:53:30.946808 |
QTS, QuTS hero
LOW (3.4)
An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
Published: 2024-02-02T16:06:16.972Z
Updated: 2024-08-02T22:16:46.521Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50358 |
vulnerable | 2026-06-03 14:53:30.927993 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QTS 4.3.6.2665 build 20240131 and later
QTS 4.3.4.2675 build 20240131 and later
QTS 4.3.3.2644 build 20240131 and later
QTS 4.2.6 build 20240131 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-13T02:45:22.351Z
Updated: 2025-05-09T18:16:31.828Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47568 |
vulnerable | 2026-06-03 14:53:17.694512 |
QTS, QuTS hero, QuTScloud
HIGH (8.8)
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:06:10.742Z
Updated: 2024-08-27T16:38:49.138Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47567 |
vulnerable | 2026-06-03 14:53:17.678139 |
QTS, QuTS hero, QuTScloud
MEDIUM (4.7)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:06:05.095Z
Updated: 2024-11-07T21:13:10.959Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47566 |
vulnerable | 2026-06-03 14:53:17.666305 |
QTS, QuTS hero, QuTScloud
MEDIUM (6.7)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:59.833Z
Updated: 2025-06-16T19:36:40.669Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47218 |
vulnerable | 2026-06-03 14:53:17.201233 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-13T02:44:14.677Z
Updated: 2025-05-07T21:13:18.700Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45044 |
vulnerable | 2026-06-03 14:53:07.336115 |
QTS, QuTS hero
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
Published: 2024-01-05T16:19:00.887Z
Updated: 2025-06-03T14:41:25.844Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45043 |
vulnerable | 2026-06-03 14:53:07.335301 |
QTS, QuTS hero
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
Published: 2024-01-05T16:18:56.178Z
Updated: 2025-06-17T20:29:12.514Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45042 |
vulnerable | 2026-06-03 14:53:07.334595 |
QTS, QuTS hero
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
Published: 2024-01-05T16:18:51.368Z
Updated: 2025-06-17T20:29:12.387Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45041 |
vulnerable | 2026-06-03 14:53:07.333851 |
QTS, QuTS hero
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
Published: 2024-01-05T16:18:46.583Z
Updated: 2024-11-14T18:15:55.365Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45040 |
vulnerable | 2026-06-03 14:53:07.332991 |
QTS, QuTS hero
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
Published: 2024-01-05T16:18:41.220Z
Updated: 2025-06-17T20:29:12.257Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45039 |
vulnerable | 2026-06-03 14:53:07.332235 |
QTS, QuTS hero
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
Published: 2024-01-05T16:18:37.227Z
Updated: 2024-08-26T18:42:32.314Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45037 |
vulnerable | 2026-06-03 14:53:07.327649 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:37.258Z
Updated: 2025-06-17T21:29:23.928Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45036 |
vulnerable | 2026-06-03 14:53:07.317598 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:31.409Z
Updated: 2025-06-17T21:29:23.773Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45035 |
vulnerable | 2026-06-03 14:53:07.316788 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:25.788Z
Updated: 2025-06-17T21:29:23.649Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45028 |
vulnerable | 2026-06-03 14:53:07.315859 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:20.257Z
Updated: 2024-08-02T20:14:18.196Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45027 |
vulnerable | 2026-06-03 14:53:07.314485 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:13.689Z
Updated: 2024-08-02T20:14:18.370Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45026 |
vulnerable | 2026-06-03 14:53:07.309054 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:07.756Z
Updated: 2024-11-07T21:14:28.192Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45025 |
vulnerable | 2026-06-03 14:53:07.284556 |
QTS, QuTS hero, QuTScloud
CRITICAL (9)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:02.613Z
Updated: 2025-06-16T18:05:14.857Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41292 |
vulnerable | 2026-06-03 14:52:51.561260 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:57.919Z
Updated: 2025-06-17T21:29:23.513Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41283 |
vulnerable | 2026-06-03 14:52:51.547028 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:53.120Z
Updated: 2024-09-06T17:42:13.440Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41282 |
vulnerable | 2026-06-03 14:52:51.539062 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:48.454Z
Updated: 2025-05-07T20:08:08.057Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41281 |
vulnerable | 2026-06-03 14:52:51.521094 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:43.783Z
Updated: 2025-05-15T19:49:26.415Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41280 |
vulnerable | 2026-06-03 14:52:51.520328 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:39.355Z
Updated: 2024-08-02T18:54:05.015Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41279 |
vulnerable | 2026-06-03 14:52:51.519597 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:34.569Z
Updated: 2024-08-02T18:54:05.192Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41278 |
vulnerable | 2026-06-03 14:52:51.518707 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:27.970Z
Updated: 2024-08-02T18:54:05.107Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41277 |
vulnerable | 2026-06-03 14:52:51.517962 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:21.359Z
Updated: 2025-06-17T21:29:23.386Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41276 |
vulnerable | 2026-06-03 14:52:51.517111 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:14.305Z
Updated: 2025-06-17T21:29:23.256Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41275 |
vulnerable | 2026-06-03 14:52:51.516354 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:05.690Z
Updated: 2025-05-09T17:41:06.402Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41274 |
vulnerable | 2026-06-03 14:52:51.515559 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:03:56.592Z
Updated: 2024-08-02T18:54:05.183Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41273 |
vulnerable | 2026-06-03 14:52:51.505279 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:03:45.627Z
Updated: 2024-08-02T18:54:05.073Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39303 |
vulnerable | 2026-06-03 14:52:38.637304 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.3)
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:03:30.513Z
Updated: 2024-09-06T17:42:19.482Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39302 |
vulnerable | 2026-06-03 14:52:38.633034 |
QTS, QuTS hero, QuTScloud
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:03:02.933Z
Updated: 2024-08-29T18:46:50.784Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39301 |
vulnerable | 2026-06-03 14:52:38.631164 |
QTS, QuTS hero, QuTScloud
MEDIUM (4.3)
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.1.2491 build 20230815 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.1.2488 build 20230812 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-11-03T16:34:52.566Z
Updated: 2024-09-05T13:58:28.386Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39300 |
not_vulnerable | 2026-06-03 14:52:38.587907 |
QTS
HIGH (7.2)
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
Published: 2024-09-06T16:27:04.275Z
Updated: 2024-09-06T17:44:00.200Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39300 |
vulnerable | 2026-06-03 14:52:38.587876 |
QTS
HIGH (7.2)
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
Published: 2024-09-06T16:27:04.275Z
Updated: 2024-09-06T17:44:00.200Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39298 |
vulnerable | 2026-06-03 14:52:38.573007 |
QTS, QuTS hero
HIGH (7.8)
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.
QuTScloud, is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2737 build 20240417 and later
QuTS hero h5.2.0.2782 build 20240601 and later
Published: 2024-09-06T16:27:08.552Z
Updated: 2024-09-06T17:43:57.324Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39297 |
vulnerable | 2026-06-03 14:52:38.549522 |
QTS, QuTS hero, QuTScloud
HIGH (8.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:03:13.178Z
Updated: 2025-05-15T19:49:40.351Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39296 |
vulnerable | 2026-06-03 14:52:38.548491 |
QTS, QuTS hero
HIGH (7.5)
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
Published: 2024-01-05T16:19:20.645Z
Updated: 2025-06-03T14:41:20.050Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39294 |
vulnerable | 2026-06-03 14:52:38.536076 |
QTS, QuTS hero
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
Published: 2024-01-05T16:19:26.278Z
Updated: 2024-09-04T19:53:30.491Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34980 |
vulnerable | 2026-06-03 14:52:17.494146 |
QTS, QuTS hero
MEDIUM (5.9)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h4.5.4.2626 build 20231225 and later
Published: 2024-03-08T16:16:00.564Z
Updated: 2024-09-06T17:42:06.996Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34979 |
vulnerable | 2026-06-03 14:52:17.492949 |
QTS, QuTS hero
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2790 build 20240606 and later
Published: 2024-09-06T16:27:31.562Z
Updated: 2024-09-06T17:22:05.522Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34975 |
vulnerable | 2026-06-03 14:52:17.488623 |
QTS, QuTS hero, QuTScloud
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h4.5.4.2626 build 20231225 and later
QTS 4.5.4.2627 build 20231225 and later
Published: 2023-10-13T19:17:06.034Z
Updated: 2026-01-12T09:15:12.250Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34974 |
vulnerable | 2026-06-03 14:52:17.469120 |
QTS, QuTS hero, QuTScloud, QVR, QES
HIGH (8.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
QuTScloud, QVR, QES are not affected.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2626 build 20231225 and later
Published: 2024-09-06T16:27:27.244Z
Updated: 2024-09-06T17:41:58.365Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34973 |
vulnerable | 2026-06-03 14:52:17.467391 |
QTS, QuTS hero
LOW (3.1)
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.0.2424 build 20230609 and later
Published: 2023-08-24T16:15:27.703Z
Updated: 2024-09-30T19:09:53.667Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34972 |
vulnerable | 2026-06-03 14:52:17.466931 |
QTS, QuTS hero and QuTScloud
LOW (3.5)
A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.0.2424 build 20230609 and later
Published: 2023-08-24T16:15:16.038Z
Updated: 2024-09-30T19:10:16.091Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34971 |
vulnerable | 2026-06-03 14:52:17.464495 |
QTS, QuTS hero
HIGH (7.1)
An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h4.5.4.2476 build 20230728 and later
Published: 2023-08-24T16:14:56.611Z
Updated: 2024-10-02T19:46:35.096Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32975 |
vulnerable | 2026-06-03 14:52:00.787426 |
QTS, QuTS hero
MEDIUM (4.9)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.2.2534 build 20230927 and later
Published: 2023-12-08T16:07:05.465Z
Updated: 2025-05-27T14:47:36.100Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32974 |
vulnerable | 2026-06-03 14:52:00.786657 |
QTS, QuTS hero, QuTScloud
HIGH (7.5)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-10-13T19:16:44.112Z
Updated: 2024-09-17T16:34:55.421Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32973 |
vulnerable | 2026-06-03 14:52:00.785708 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h4.5.4.2476 build 20230728 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-10-13T19:16:32.872Z
Updated: 2024-09-16T20:21:50.275Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32972 |
vulnerable | 2026-06-03 14:52:00.785087 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h4.5.4.2476 build 20230728 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-10-06T16:36:33.766Z
Updated: 2024-09-19T14:40:09.223Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32971 |
vulnerable | 2026-06-03 14:52:00.784340 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h4.5.4.2476 build 20230728 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-10-06T16:36:19.114Z
Updated: 2024-09-19T14:44:32.964Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32970 |
vulnerable | 2026-06-03 14:52:00.783751 |
QTS, QuTS hero, QuTScloud
MEDIUM (4.9)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.0.2453 build 20230708 and later
QuTS hero h4.5.4.2476 build 20230728 and later
QuTScloud c5.1.0.2498 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
Published: 2023-10-13T19:16:18.592Z
Updated: 2024-09-16T20:29:45.599Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32969 |
vulnerable | 2026-06-03 14:52:00.778059 |
Network & Virtual Switch
MEDIUM (4.9)
A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
Published: 2024-03-08T16:17:19.645Z
Updated: 2024-08-02T15:32:46.225Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32968 |
vulnerable | 2026-06-03 14:52:00.752629 |
QTS, QuTS hero
MEDIUM (4.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.2.2534 build 20230927 and later
Published: 2023-12-08T16:07:14.915Z
Updated: 2024-08-02T15:32:46.126Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32967 |
vulnerable | 2026-06-03 14:52:00.743181 |
QTS, QuTScloud
MEDIUM (5)
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.
QTS 5.x, QuTS hero are not affected.
We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later
QTS 4.5.4.2627 build 20231225 and later
Published: 2024-02-02T16:02:21.048Z
Updated: 2024-08-02T15:32:46.547Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23372 |
vulnerable | 2026-06-03 14:49:21.396944 |
QTS, QuTS hero
MEDIUM (6.5)
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h4.5.4.2476 build 20230728 and later
Published: 2023-12-08T16:07:10.482Z
Updated: 2024-08-02T10:28:40.841Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23369 |
vulnerable | 2026-06-03 14:49:21.346412 |
QTS, Multimedia Console, and Media Streaming add-on
CRITICAL (9)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later
Published: 2023-11-03T16:34:40.084Z
Updated: 2025-02-27T20:34:32.639Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23368 |
vulnerable | 2026-06-03 14:49:21.330608 |
QTS, QuTS hero, QuTScloud
CRITICAL (9.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
Published: 2023-11-03T16:34:24.216Z
Updated: 2025-02-27T20:34:38.708Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23367 |
vulnerable | 2026-06-03 14:49:21.306436 |
QTS, QuTS hero, QuTScloud
MEDIUM (4.7)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-11-10T14:49:46.924Z
Updated: 2025-02-26T21:27:17.842Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23363 |
vulnerable | 2026-06-03 14:49:21.301634 |
QTS
HIGH (8.1)
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
Published: 2023-09-22T03:50:42.730Z
Updated: 2024-09-24T18:10:34.196Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23362 |
vulnerable | 2026-06-03 14:49:21.299001 |
QTS, QuTS hero, QuTScloud
HIGH (8.8)
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
Published: 2023-09-22T03:27:19.075Z
Updated: 2024-09-24T18:12:15.044Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23355 |
vulnerable | 2026-06-03 14:49:21.280777 |
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2346 build 20230322 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2348 build 20230324 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
Published: 2023-03-29T04:02:59.944Z
Updated: 2025-02-12T16:49:09.437Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27600 |
vulnerable | 2026-06-03 14:46:47.575161 |
QTS, QuTS hero, QuTScloud
MEDIUM (6.8)
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2277 and later
QTS 4.5.4.2280 build 20230112 and later
QuTS hero h5.0.1.2277 build 20230112 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
Published: 2024-12-19T01:39:38.167Z
Updated: 2024-12-20T17:41:53.027Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27598 |
vulnerable | 2026-06-03 14:46:47.569688 |
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
LOW (2.7)
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-12T19:32:03.826Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27597 |
vulnerable | 2026-06-03 14:46:47.559704 |
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
LOW (2.7)
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-12T19:32:39.994Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27596 |
vulnerable | 2026-06-03 14:46:47.558342 |
Vulnerability in QTS
CRITICAL (9.8)
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code.
We have already fixed this vulnerability in the following versions of QuTS hero, QTS:
QuTS hero h5.0.1.2248 build 20221215 and later
QTS 5.0.1.2234 build 20221201 and later
Published: 2023-01-30T01:13:47.317Z
Updated: 2025-03-27T18:24:56.700Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44054 |
vulnerable | 2026-06-03 14:45:35.421843 |
Open redirect
MEDIUM (4.3)
An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later
Published: 2022-05-05T16:50:24.966Z
Updated: 2024-09-16T16:57:37.609Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44053 |
vulnerable | 2026-06-03 14:45:35.420643 |
Reflected XSS
MEDIUM (5.7)
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later
Published: 2022-05-05T16:50:23.491Z
Updated: 2024-09-16T19:31:09.468Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44052 |
vulnerable | 2026-06-03 14:45:35.419922 |
Arbitrary file read
MEDIUM (6.5)
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later
Published: 2022-05-05T16:50:22.030Z
Updated: 2024-09-16T22:56:12.420Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44051 |
vulnerable | 2026-06-03 14:45:35.411666 |
Command injection
HIGH (8.8)
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later
Published: 2022-05-05T16:50:20.575Z
Updated: 2024-09-16T17:43:45.081Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-38693 |
vulnerable | 2026-06-03 14:45:07.901846 |
Path Traversal in thttpd
MEDIUM (5.3)
A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later
Published: 2022-05-05T16:50:19.054Z
Updated: 2024-09-16T18:08:15.851Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-38674 |
vulnerable | 2026-06-03 14:45:07.862263 |
Reflected XSS Vulnerability in TFTP
MEDIUM (4.2)
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later
Published: 2022-01-07T01:15:12.605Z
Updated: 2024-09-16T20:07:25.825Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34343 |
vulnerable | 2026-06-03 14:44:44.706529 |
Buffer Overflow Vulnerability in QTS, QuTS hero, and QuTScloud
MEDIUM (6)
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later
Published: 2021-09-10T04:00:23.084Z
Updated: 2024-09-16T20:22:18.541Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28816 |
vulnerable | 2026-06-03 14:44:18.832666 |
Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud
HIGH (7.6)
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QTS 4.3.3.1693 build 20210624 and later QTS 4.3.6.1750 build 20210730 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later
Published: 2021-09-10T04:00:21.577Z
Updated: 2024-09-17T01:56:02.590Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28806 |
vulnerable | 2026-06-03 14:44:18.799659 |
DOM-Based XSS Vulnerability in QTS and QuTS hero
MEDIUM (5.7)
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 Build 20210414. QNAP Systems Inc. QuTScloud versions prior to c4.5.5.1656 Build 20210503. This issue does not affect: QNAP Systems Inc. QTS 4.3.6; 4.3.3.
Published: 2021-06-03T02:45:13.325Z
Updated: 2024-09-16T22:55:32.202Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28804 |
vulnerable | 2026-06-03 14:44:18.796896 |
Command Injection Vulnerabilities in QTS and QuTS hero
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217.
Published: 2021-07-01T02:00:23.564Z
Updated: 2024-09-16T16:54:06.578Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28802 |
vulnerable | 2026-06-03 14:44:18.792493 |
Command Injection Vulnerabilities in QTS and QuTS hero
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217.
Published: 2021-07-01T02:00:20.433Z
Updated: 2024-09-16T22:15:54.877Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28800 |
vulnerable | 2026-06-03 14:44:18.779400 |
Command Injection Vulnerability in QTS
HIGH (8.1)
A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.3.6.1663 Build 20210504; versions prior to 4.3.3.1624 Build 20210416. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. QNAP Systems Inc. QuTS hero h4.5.3. QNAP Systems Inc. QuTScloud c4.5.5.
Published: 2021-06-24T06:20:11.049Z
Updated: 2024-09-16T23:01:07.180Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28798 |
vulnerable | 2026-06-03 14:44:18.764107 |
Relative Path Traversal Vulnerability in QTS and QuTS hero
HIGH (8.8)
A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 20210406 and later QTS 4.3.6.1663 Build 20210504 and later QTS 4.3.3.1624 Build 20210416 and later QuTS hero h4.5.2.1638 Build 20210414 and later QNAP NAS running QTS 4.5.3 are not affected.
Published: 2021-05-21T03:00:11.671Z
Updated: 2024-09-16T18:49:25.069Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36195 |
vulnerable | 2026-06-03 14:42:33.263745 |
SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On
CRITICAL (9.8)
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later
Published: 2021-04-17T03:50:13.274Z
Updated: 2024-09-16T17:28:07.500Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36194 |
vulnerable | 2026-06-03 14:42:33.263002 |
XSS Vulnerability in QTS and QuTS heroCommand Injection Vulnerabilities in QTS and QuTS hero
MEDIUM (6.1)
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3.
Published: 2021-07-01T02:00:17.242Z
Updated: 2024-09-17T02:01:31.559Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2509 |
vulnerable | 2026-06-03 14:42:30.467539 |
Command Injection Vulnerability in QTS and QuTS hero
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later
Published: 2021-04-17T03:50:12.655Z
Updated: 2025-10-21T23:25:49.063Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2508 |
vulnerable | 2026-06-03 14:42:30.466461 |
Command Injection Vulnerability in QTS and QuTS hero
HIGH (7.2)
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later)
Published: 2021-01-11T14:24:02.569Z
Updated: 2024-09-16T18:54:05.192Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2498 |
vulnerable | 2026-06-03 14:42:30.445470 |
Cross-site scripting vulnerability in QTS and QuTS hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
Published: 2020-12-10T03:45:19.398Z
Updated: 2024-09-16T20:12:28.817Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2497 |
vulnerable | 2026-06-03 14:42:30.445024 |
Cross-site scripting vulnerability in QTS and QuTS hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
Published: 2020-12-10T03:43:11.879Z
Updated: 2024-09-16T23:27:03.580Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2496 |
vulnerable | 2026-06-03 14:42:30.444552 |
Cross-site scripting vulnerability in QTS and QuTS hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
Published: 2020-12-10T03:41:39.475Z
Updated: 2024-09-17T02:20:35.583Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2495 |
vulnerable | 2026-06-03 14:42:30.442568 |
Cross-site scripting vulnerability in QTS and QuTS hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later
Published: 2020-12-10T03:39:04.077Z
Updated: 2024-09-16T23:26:14.829Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2492 |
vulnerable | 2026-06-03 14:42:30.432128 |
Details available
HIGH (7.2)
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.
Published: 2020-11-16T00:55:26.390Z
Updated: 2024-09-16T18:43:45.888Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2490 |
vulnerable | 2026-06-03 14:42:30.423868 |
Details available
HIGH (7.2)
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.
Published: 2020-11-16T00:56:21.109Z
Updated: 2024-09-16T19:51:29.911Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-25847 |
not_vulnerable | 2026-06-03 14:42:15.506223 |
Command Injection Vulnerability in QTS and QuTS hero
HIGH (8.8)
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.
Published: 2020-12-29T07:10:13.047Z
Updated: 2024-09-16T16:28:10.857Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-25847 |
vulnerable | 2026-06-03 14:42:15.506169 |
Command Injection Vulnerability in QTS and QuTS hero
HIGH (8.8)
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.
Published: 2020-12-29T07:10:13.047Z
Updated: 2024-09-16T16:28:10.857Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-7198 |
vulnerable | 2026-06-03 14:40:41.461382 |
Command Injection Vulnerability in QTS and QuTS hero
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later
Published: 2020-12-10T03:34:17.478Z
Updated: 2024-09-16T21:07:42.305Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19957 |
vulnerable | 2026-06-03 14:38:29.914326 |
Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later
Published: 2021-09-10T04:00:18.472Z
Updated: 2024-09-17T02:57:44.608Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19953 |
vulnerable | 2026-06-03 14:38:29.909528 |
Details available
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
Published: 2020-10-28T17:55:18.000Z
Updated: 2025-10-21T23:35:33.900Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19949 |
vulnerable | 2026-06-03 14:38:29.903086 |
Details available
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
Published: 2020-10-28T17:55:18.000Z
Updated: 2025-10-21T23:35:34.057Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19945 |
not_vulnerable | 2026-06-03 14:38:29.897905 |
Improper Limitation of a Pathname to a Restricted Directory in QTS
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x.
Published: 2020-12-31T16:33:27.917Z
Updated: 2024-09-17T02:01:35.778Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19945 |
vulnerable | 2026-06-03 14:38:29.897872 |
Improper Limitation of a Pathname to a Restricted Directory in QTS
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x.
Published: 2020-12-31T16:33:27.917Z
Updated: 2024-09-17T02:01:35.778Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19944 |
vulnerable | 2026-06-03 14:38:29.897521 |
Cleartext Transmission of Sensitive Information in SNMP
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)
Published: 2020-12-31T16:33:27.820Z
Updated: 2024-09-17T02:11:00.534Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19943 |
vulnerable | 2026-06-03 14:38:29.896986 |
Details available
HIGH (8)
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later
Published: 2020-10-28T17:55:18.000Z
Updated: 2025-10-21T23:35:34.195Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19942 |
vulnerable | 2026-06-03 14:38:29.843088 |
Cross-site Scripting Vulnerability in File Station
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later)
Published: 2021-04-16T01:10:14.083Z
Updated: 2024-09-16T20:32:52.915Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19941 |
vulnerable | 2026-06-03 14:38:29.836052 |
Cleartext Storage of Sensitive Information in Cookies
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)
Published: 2020-12-31T16:33:27.622Z
Updated: 2024-09-16T23:50:48.219Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0721 |
vulnerable | 2026-06-03 14:37:51.588343 |
Security Advisory for Vulnerabilities in QTS
HIGH (7.7)
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
Published: 2018-11-27T22:00:00.000Z
Updated: 2024-08-05T03:35:49.256Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0719 |
vulnerable | 2026-06-03 14:37:51.587854 |
Security Advisory for Vulnerabilities in QTS
MEDIUM (5.5)
Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
Published: 2018-11-27T21:00:00.000Z
Updated: 2024-09-16T20:22:21.156Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.