Approved changes feed: RSS · Atom
cpe:2.3:a:qnap_systems_inc.:qutscloud:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Qnap Systems Inc. (1f66ac1e-0889-51bf-b27f-24c7175e5920) |
|---|---|
| Product | Qutscloud (7431f05e-bc9f-54df-adde-f645203369b3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-32771 |
not_vulnerable | 2026-06-03 14:55:48.002977 |
QTS, QuTS hero
LOW (2.6)
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2782 build 20240601 and later
QuTS hero h5.2.0.2782 build 20240601 and later
Published: 2024-09-06T16:27:12.908Z
Updated: 2024-09-06T17:33:45.895Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-32766 |
vulnerable | 2026-06-03 14:55:47.995273 |
QTS, QuTS hero, QuTScloud
CRITICAL (10)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-04-26T15:00:43.258Z
Updated: 2024-08-02T02:20:35.334Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27124 |
vulnerable | 2026-06-03 14:55:16.676091 |
QTS, QuTS hero, QuTScloud
HIGH (7.5)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-04-26T15:00:55.893Z
Updated: 2024-08-02T00:27:59.078Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21905 |
vulnerable | 2026-06-03 14:54:51.258586 |
QTS, QuTS hero, QuTScloud
MEDIUM (6.5)
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-04-26T15:01:00.169Z
Updated: 2024-08-12T19:31:28.640Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21900 |
vulnerable | 2026-06-03 14:54:51.242487 |
QTS, QuTS hero, QuTScloud
MEDIUM (4.3)
An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-03-08T16:17:29.628Z
Updated: 2025-12-16T18:13:18.660Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21899 |
vulnerable | 2026-06-03 14:54:51.236841 |
QTS, QuTS hero, QuTScloud
CRITICAL (9.8)
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-03-08T16:17:25.243Z
Updated: 2024-08-01T22:35:34.557Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51365 |
not_vulnerable | 2026-06-03 14:53:32.047930 |
QTS, QuTS hero, QuTScloud
HIGH (8.7)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-04-26T15:01:04.335Z
Updated: 2024-08-02T22:32:09.027Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-51364 |
vulnerable | 2026-06-03 14:53:32.030159 |
QTS, QuTS hero, QuTScloud
HIGH (8.7)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-04-26T15:01:08.345Z
Updated: 2024-08-02T22:32:09.120Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50358 |
vulnerable | 2026-06-03 14:53:30.929402 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QTS 4.3.6.2665 build 20240131 and later
QTS 4.3.4.2675 build 20240131 and later
QTS 4.3.3.2644 build 20240131 and later
QTS 4.2.6 build 20240131 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-13T02:45:22.351Z
Updated: 2025-05-09T18:16:31.828Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47568 |
vulnerable | 2026-06-03 14:53:17.694586 |
QTS, QuTS hero, QuTScloud
HIGH (8.8)
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:06:10.742Z
Updated: 2024-08-27T16:38:49.138Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47567 |
vulnerable | 2026-06-03 14:53:17.678218 |
QTS, QuTS hero, QuTScloud
MEDIUM (4.7)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:06:05.095Z
Updated: 2024-11-07T21:13:10.959Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47566 |
vulnerable | 2026-06-03 14:53:17.666510 |
QTS, QuTS hero, QuTScloud
MEDIUM (6.7)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:59.833Z
Updated: 2025-06-16T19:36:40.669Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47218 |
vulnerable | 2026-06-03 14:53:17.202704 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-13T02:44:14.677Z
Updated: 2025-05-07T21:13:18.700Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45037 |
vulnerable | 2026-06-03 14:53:07.327722 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:37.258Z
Updated: 2025-06-17T21:29:23.928Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45036 |
vulnerable | 2026-06-03 14:53:07.317658 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:31.409Z
Updated: 2025-06-17T21:29:23.773Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45035 |
vulnerable | 2026-06-03 14:53:07.316845 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:25.788Z
Updated: 2025-06-17T21:29:23.649Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45028 |
vulnerable | 2026-06-03 14:53:07.315931 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:20.257Z
Updated: 2024-08-02T20:14:18.196Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45027 |
vulnerable | 2026-06-03 14:53:07.314553 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:13.689Z
Updated: 2024-08-02T20:14:18.370Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45026 |
vulnerable | 2026-06-03 14:53:07.309124 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:07.756Z
Updated: 2024-11-07T21:14:28.192Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45025 |
vulnerable | 2026-06-03 14:53:07.285729 |
QTS, QuTS hero, QuTScloud
CRITICAL (9)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:05:02.613Z
Updated: 2025-06-16T18:05:14.857Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41292 |
vulnerable | 2026-06-03 14:52:51.561327 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:57.919Z
Updated: 2025-06-17T21:29:23.513Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41283 |
vulnerable | 2026-06-03 14:52:51.547078 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:53.120Z
Updated: 2024-09-06T17:42:13.440Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41282 |
vulnerable | 2026-06-03 14:52:51.539133 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:48.454Z
Updated: 2025-05-07T20:08:08.057Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41281 |
vulnerable | 2026-06-03 14:52:51.521157 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:43.783Z
Updated: 2025-05-15T19:49:26.415Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41280 |
vulnerable | 2026-06-03 14:52:51.520390 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:39.355Z
Updated: 2024-08-02T18:54:05.015Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41279 |
vulnerable | 2026-06-03 14:52:51.519650 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:34.569Z
Updated: 2024-08-02T18:54:05.192Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41278 |
vulnerable | 2026-06-03 14:52:51.518760 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:27.970Z
Updated: 2024-08-02T18:54:05.107Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41277 |
vulnerable | 2026-06-03 14:52:51.518023 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:21.359Z
Updated: 2025-06-17T21:29:23.386Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41276 |
vulnerable | 2026-06-03 14:52:51.517179 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:14.305Z
Updated: 2025-06-17T21:29:23.256Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41275 |
vulnerable | 2026-06-03 14:52:51.516415 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:04:05.690Z
Updated: 2025-05-09T17:41:06.402Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41274 |
vulnerable | 2026-06-03 14:52:51.515629 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:03:56.592Z
Updated: 2024-08-02T18:54:05.183Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41273 |
vulnerable | 2026-06-03 14:52:51.506949 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.5)
A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:03:45.627Z
Updated: 2024-08-02T18:54:05.073Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39303 |
vulnerable | 2026-06-03 14:52:38.637348 |
QTS, QuTS hero, QuTScloud
MEDIUM (5.3)
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:03:30.513Z
Updated: 2024-09-06T17:42:19.482Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39302 |
vulnerable | 2026-06-03 14:52:38.633100 |
QTS, QuTS hero, QuTScloud
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:03:02.933Z
Updated: 2024-08-29T18:46:50.784Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39301 |
vulnerable | 2026-06-03 14:52:38.631238 |
QTS, QuTS hero, QuTScloud
MEDIUM (4.3)
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.1.2491 build 20230815 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.1.2488 build 20230812 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-11-03T16:34:52.566Z
Updated: 2024-09-05T13:58:28.386Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39300 |
not_vulnerable | 2026-06-03 14:52:38.587952 |
QTS
HIGH (7.2)
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
Published: 2024-09-06T16:27:04.275Z
Updated: 2024-09-06T17:44:00.200Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39298 |
not_vulnerable | 2026-06-03 14:52:38.573060 |
QTS, QuTS hero
HIGH (7.8)
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.
QuTScloud, is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2737 build 20240417 and later
QuTS hero h5.2.0.2782 build 20240601 and later
Published: 2024-09-06T16:27:08.552Z
Updated: 2024-09-06T17:43:57.324Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39297 |
vulnerable | 2026-06-03 14:52:38.551688 |
QTS, QuTS hero, QuTScloud
HIGH (8.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Published: 2024-02-02T16:03:13.178Z
Updated: 2025-05-15T19:49:40.351Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34975 |
not_vulnerable | 2026-06-03 14:52:17.488650 |
QTS, QuTS hero, QuTScloud
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h4.5.4.2626 build 20231225 and later
QTS 4.5.4.2627 build 20231225 and later
Published: 2023-10-13T19:17:06.034Z
Updated: 2026-01-12T09:15:12.250Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34974 |
not_vulnerable | 2026-06-03 14:52:17.471264 |
QTS, QuTS hero, QuTScloud, QVR, QES
HIGH (8.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
QuTScloud, QVR, QES are not affected.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2626 build 20231225 and later
Published: 2024-09-06T16:27:27.244Z
Updated: 2024-09-06T17:41:58.365Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32974 |
vulnerable | 2026-06-03 14:52:00.786807 |
QTS, QuTS hero, QuTScloud
HIGH (7.5)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-10-13T19:16:44.112Z
Updated: 2024-09-17T16:34:55.421Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32973 |
vulnerable | 2026-06-03 14:52:00.785879 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h4.5.4.2476 build 20230728 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-10-13T19:16:32.872Z
Updated: 2024-09-16T20:21:50.275Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32972 |
vulnerable | 2026-06-03 14:52:00.785146 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h4.5.4.2476 build 20230728 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-10-06T16:36:33.766Z
Updated: 2024-09-19T14:40:09.223Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32971 |
vulnerable | 2026-06-03 14:52:00.784524 |
QTS, QuTS hero, QuTScloud
LOW (3.8)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h4.5.4.2476 build 20230728 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-10-06T16:36:19.114Z
Updated: 2024-09-19T14:44:32.964Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32970 |
vulnerable | 2026-06-03 14:52:00.783720 |
QTS, QuTS hero, QuTScloud
MEDIUM (4.9)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.0.2453 build 20230708 and later
QuTS hero h4.5.4.2476 build 20230728 and later
QuTScloud c5.1.0.2498 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
Published: 2023-10-13T19:16:18.592Z
Updated: 2024-09-16T20:29:45.599Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32969 |
vulnerable | 2026-06-03 14:52:00.778005 |
Network & Virtual Switch
MEDIUM (4.9)
A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
Published: 2024-03-08T16:17:19.645Z
Updated: 2024-08-02T15:32:46.225Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32967 |
vulnerable | 2026-06-03 14:52:00.742062 |
QTS, QuTScloud
MEDIUM (5)
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.
QTS 5.x, QuTS hero are not affected.
We have already fixed the vulnerability in the following versions:
QuTScloud c5.1.5.2651 and later
QTS 4.5.4.2627 build 20231225 and later
Published: 2024-02-02T16:02:21.048Z
Updated: 2024-08-02T15:32:46.547Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23368 |
vulnerable | 2026-06-03 14:49:21.330682 |
QTS, QuTS hero, QuTScloud
CRITICAL (9.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
Published: 2023-11-03T16:34:24.216Z
Updated: 2025-02-27T20:34:38.708Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23367 |
vulnerable | 2026-06-03 14:49:21.306497 |
QTS, QuTS hero, QuTScloud
MEDIUM (4.7)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTScloud c5.1.0.2498 and later
Published: 2023-11-10T14:49:46.924Z
Updated: 2025-02-26T21:27:17.842Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23362 |
vulnerable | 2026-06-03 14:49:21.299056 |
QTS, QuTS hero, QuTScloud
HIGH (8.8)
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
Published: 2023-09-22T03:27:19.075Z
Updated: 2024-09-24T18:12:15.044Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23355 |
vulnerable | 2026-06-03 14:49:21.282105 |
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2346 build 20230322 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2348 build 20230324 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
Published: 2023-03-29T04:02:59.944Z
Updated: 2025-02-12T16:49:09.437Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27600 |
vulnerable | 2026-06-03 14:46:47.576176 |
QTS, QuTS hero, QuTScloud
MEDIUM (6.8)
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2277 and later
QTS 4.5.4.2280 build 20230112 and later
QuTS hero h5.0.1.2277 build 20230112 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
Published: 2024-12-19T01:39:38.167Z
Updated: 2024-12-20T17:41:53.027Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44054 |
vulnerable | 2026-06-03 14:45:35.421789 |
Open redirect
MEDIUM (4.3)
An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later
Published: 2022-05-05T16:50:24.966Z
Updated: 2024-09-16T16:57:37.609Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44053 |
vulnerable | 2026-06-03 14:45:35.420700 |
Reflected XSS
MEDIUM (5.7)
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later
Published: 2022-05-05T16:50:23.491Z
Updated: 2024-09-16T19:31:09.468Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44052 |
vulnerable | 2026-06-03 14:45:35.419854 |
Arbitrary file read
MEDIUM (6.5)
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later
Published: 2022-05-05T16:50:22.030Z
Updated: 2024-09-16T22:56:12.420Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44051 |
vulnerable | 2026-06-03 14:45:35.410456 |
Command injection
HIGH (8.8)
A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later
Published: 2022-05-05T16:50:20.575Z
Updated: 2024-09-16T17:43:45.081Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-38693 |
vulnerable | 2026-06-03 14:45:07.901791 |
Path Traversal in thttpd
MEDIUM (5.3)
A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later
Published: 2022-05-05T16:50:19.054Z
Updated: 2024-09-16T18:08:15.851Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-38674 |
vulnerable | 2026-06-03 14:45:07.862884 |
Reflected XSS Vulnerability in TFTP
MEDIUM (4.2)
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later
Published: 2022-01-07T01:15:12.605Z
Updated: 2024-09-16T20:07:25.825Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-34343 |
vulnerable | 2026-06-03 14:44:44.707190 |
Buffer Overflow Vulnerability in QTS, QuTS hero, and QuTScloud
MEDIUM (6)
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later
Published: 2021-09-10T04:00:23.084Z
Updated: 2024-09-16T20:22:18.541Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28816 |
vulnerable | 2026-06-03 14:44:18.832709 |
Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud
HIGH (7.6)
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QTS 4.3.3.1693 build 20210624 and later QTS 4.3.6.1750 build 20210730 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later
Published: 2021-09-10T04:00:21.577Z
Updated: 2024-09-17T01:56:02.590Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28806 |
vulnerable | 2026-06-03 14:44:18.799730 |
DOM-Based XSS Vulnerability in QTS and QuTS hero
MEDIUM (5.7)
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 Build 20210414. QNAP Systems Inc. QuTScloud versions prior to c4.5.5.1656 Build 20210503. This issue does not affect: QNAP Systems Inc. QTS 4.3.6; 4.3.3.
Published: 2021-06-03T02:45:13.325Z
Updated: 2024-09-16T22:55:32.202Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28800 |
not_vulnerable | 2026-06-03 14:44:18.780511 |
Command Injection Vulnerability in QTS
HIGH (8.1)
A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.3.6.1663 Build 20210504; versions prior to 4.3.3.1624 Build 20210416. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. QNAP Systems Inc. QuTS hero h4.5.3. QNAP Systems Inc. QuTScloud c4.5.5.
Published: 2021-06-24T06:20:11.049Z
Updated: 2024-09-16T23:01:07.180Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19957 |
vulnerable | 2026-06-03 14:38:29.914379 |
Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later
Published: 2021-09-10T04:00:18.472Z
Updated: 2024-09-17T02:57:44.608Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19942 |
vulnerable | 2026-06-03 14:38:29.843172 |
Cross-site Scripting Vulnerability in File Station
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later)
Published: 2021-04-16T01:10:14.083Z
Updated: 2024-09-16T20:32:52.915Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-19941 |
vulnerable | 2026-06-03 14:38:29.838600 |
Cleartext Storage of Sensitive Information in Cookies
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)
Published: 2020-12-31T16:33:27.622Z
Updated: 2024-09-16T23:50:48.219Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.