qnap

613 tracked vulnerabilities.

CVE-2024-37041 HIGH
QNAP QTS and QuTS hero - Heap-based Buffer Overflow
Nov 22, 2024
CVSS 7.2
EPSS 0.03
CVE-2024-32770 MEDIUM
QNAP Photo Station 6.4.0-6.4.2 - Authenticated Stored Cross-Site Scripting
Nov 22, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-32769 MEDIUM
QNAP Photo Station 6.4.0-6.4.2 - Authenticated Stored Cross-Site Scripting
Nov 22, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-32768 MEDIUM
Photo Station 6.4.0-6.4.2 - Authenticated Stored Cross-Site Scripting
Nov 22, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-32767 MEDIUM
Photo Station 6.4.0-6.4.2 - Authenticated Stored Cross-Site Scripting
Nov 22, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-38642 HIGH
QuMagie < 2.3.1 - Improper Certificate Validation
Sep 06, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-38641 HIGH
QNAP QTS and QuTS hero < 5.1.8.2823 - OS Command Injection
Sep 06, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-38640 MEDIUM
QNAP Download Station 5.8.0-5.8.6.283 - Authenticated Cross-Site Scripting
Sep 06, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-32771 LOW
QNAP QTS and QuTS hero - Excessive Authentication Attempts
Sep 06, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-32763 HIGH
QNAP QTS and QuTS hero - Authenticated Remote Code Execution via Heap-based Buffer Overflow
Sep 06, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-32762 HIGH
QuLog Center 1.7.0-1.7.0.826 - Cross-Site Scripting via Network
Sep 06, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-27126 MEDIUM
Notes Station 3 3.9.0-3.9.5 - Authenticated Stored Cross-Site Scripting
Sep 06, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-27125 LOW
QNAP Helpdesk < 3.3.1 - Authenticated Stored Cross-Site Scripting
Sep 06, 2024
CVSS 3.5
EPSS 0.01
CVE-2024-27122 MEDIUM
Notes Station 3 3.9.0-3.9.5 - Authenticated Stored Cross-Site Scripting
Sep 06, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-21906 MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
Sep 06, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-21904 MEDIUM
QNAP QTS and QuTS hero - Path Traversal
Sep 06, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-21903 MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
Sep 06, 2024
CVSS 6.6
EPSS 0.00
CVE-2024-21898 HIGH
QNAP QTS and QuTS hero - Authenticated OS Command Injection
Sep 06, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-21897 HIGH
QNAP QTS and QuTS hero - Authenticated Cross-Site Scripting
Sep 06, 2024
CVSS 8.9
EPSS 0.01
CVE-2024-32765 MEDIUM
QTS 5.1.0-5.1.8.2823 and QuTS hero h5.1.0-h5.1.8.2823 - Authenticated Privilege Escalation via Network & Virtual Switch
Aug 12, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-27130 HIGH
QNAP QTS and QuTS hero - Remote Code Execution via Stack-based Buffer Overflow
May 21, 2024
CVSS 7.2
EPSS 0.81
CVE-2024-27129 MEDIUM
QNAP QTS and QuTS hero - Authenticated Remote Code Execution via Stack-based Buffer Overflow
May 21, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-27128 MEDIUM
QNAP QTS and QuTS hero - Authenticated Remote Code Execution via Stack-based Buffer Overflow
May 21, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-27127 HIGH
QNAP QTS and QuTS hero - Authenticated Remote Code Execution via Double Free
May 21, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-21902 MEDIUM
QNAP QTS and QuTS hero - Authenticated Exposure of Sensitive Information via Incorrect Permission Assignment
May 21, 2024
CVSS 6.4
EPSS 0.00
Products
qts 272 quts_hero 223 qsync_central 62 qutscloud 62 file_station 48 photo_station 26 video_station 15 media_streaming_add-on 13 music_station 13 qurouter 12 helpdesk 11 qumagie 10 qvr 10 qulog_center 8 nas_proxy_server 7 q\'center 7 hybrid_backup_sync 6 notes_station_3 6 qvr_pro 6 license_center 5 multimedia_console 5 qunetswitch 5 qvr_elite 5 qvr_guard 5 qes 4 download_station 3 qcalagent 3 qufirewall 3 qvp-21a_firmware 3 qvp-41a_firmware 3
Quick Filters
Critical CVEs With Exploits In CISA KEV