Filtered by vendor Qnap
Subscribe
Total
458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-33039 | 1 Qnap | 1 Qsync Central | 2025-10-07 | N/A | 6.5 MEDIUM |
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2025-33040 | 1 Qnap | 1 Qsync Central | 2025-10-07 | N/A | 6.5 MEDIUM |
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2023-41290 | 1 Qnap | 1 Qufirewall | 2025-09-24 | N/A | 4.1 MEDIUM |
| A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later | |||||
| CVE-2023-41291 | 1 Qnap | 1 Qufirewall | 2025-09-24 | N/A | 5.5 MEDIUM |
| A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later | |||||
| CVE-2024-50390 | 1 Qnap | 1 Qurouter | 2025-09-24 | N/A | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later | |||||
| CVE-2024-53700 | 1 Qnap | 1 Qurouter | 2025-09-24 | N/A | 7.2 HIGH |
| A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later | |||||
| CVE-2024-13087 | 1 Qnap | 1 Qurouter | 2025-09-24 | N/A | 6.7 MEDIUM |
| A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later | |||||
| CVE-2024-13088 | 1 Qnap | 1 Qurouter | 2025-09-24 | N/A | 7.8 HIGH |
| An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later | |||||
| CVE-2023-23356 | 1 Qnap | 1 Qufirewall | 2025-09-24 | N/A | 5.5 MEDIUM |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later and later | |||||
| CVE-2024-50389 | 1 Qnap | 1 Qurouter | 2025-09-24 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later | |||||
| CVE-2024-48861 | 1 Qnap | 1 Qurouter | 2025-09-24 | N/A | 7.8 HIGH |
| An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later | |||||
| CVE-2024-48860 | 1 Qnap | 1 Qurouter | 2025-09-24 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3.103 and later | |||||
| CVE-2025-29887 | 1 Qnap | 1 Qurouter | 2025-09-24 | N/A | 7.2 HIGH |
| A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later | |||||
| CVE-2025-22481 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 8.8 HIGH |
| A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later | |||||
| CVE-2024-56805 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 5.4 MEDIUM |
| A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later | |||||
| CVE-2024-53699 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 7.2 HIGH |
| An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | |||||
| CVE-2024-53698 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 4.9 MEDIUM |
| A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | |||||
| CVE-2024-53697 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 7.2 HIGH |
| An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | |||||
| CVE-2024-38638 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 7.2 HIGH |
| An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QuTS hero h5.1.9.2954 build 20241120 and later | |||||
| CVE-2024-53691 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-23 | N/A | 8.8 HIGH |
| A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later | |||||