qnap

613 tracked vulnerabilities.

CVE-2024-32766 CRITICAL
QNAP QTS < 4.5.4.2627 and QuTS hero < h4.5.4.2626 and QuTScloud < c5.1.5.2651 - OS Command Injection
Apr 26, 2024
CVSS 10.0
EPSS 0.02
CVE-2024-32764 CRITICAL
myQNAPcloud Link <2.4.51 - Privilege Escalation
Apr 26, 2024
CVSS 9.9
EPSS 0.00
CVE-2024-27124 HIGH
QNAP QTS 4.5.1-4.5.4.2626 and QTS 5.1.3.2578 - OS Command Injection
Apr 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-21905 MEDIUM
QNAP QTS/QuTS hero/QuTScloud Integer Overflow
Apr 26, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-21901 MEDIUM
myQNAPcloud < 1.0.52 and QTS < 4.5.4.2627 - Authenticated SQL Injection
Mar 08, 2024
CVSS 4.7
EPSS 0.05
CVE-2024-21900 MEDIUM
QNAP QTS < 5.1.3.2578 and QuTS hero < h5.1.3.2578 - Authenticated Command Injection
Mar 08, 2024
CVSS 4.3
EPSS 0.11
CVE-2024-21899 CRITICAL
QNAP QTS < 4.5.4.2627 and QuTS hero < h4.5.4.2626 and QuTScloud < c5.1.5.2651 - Improper Authentication
Mar 08, 2024
CVSS 9.8
EPSS 0.11
CVE-2023-23357 MEDIUM
QuLog Center < 1.5.0.738 - Authenticated Cross-Site Scripting
Dec 19, 2024
CVSS 4.8
EPSS 0.00
CVE-2023-23356 MEDIUM
QuFirewall < 2.3.3 - Authenticated OS Command Injection
Dec 19, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-23354 HIGH
QuLog Center < 1.5.0.738 - Cross-Site Scripting
Dec 19, 2024
CVSS 7.3
EPSS 0.00
CVE-2023-51368 MEDIUM
QNAP QTS and QuTS hero - Denial of Service via NULL Pointer Dereference
Sep 06, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-51367 MEDIUM
QNAP QTS and QuTS hero - Remote Code Execution via Stack-based Buffer Overflow
Sep 06, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-51366 HIGH
QNAP QTS and QuTS hero - Path Traversal and Sensitive Data Exposure
Sep 06, 2024
CVSS 8.7
EPSS 0.00
CVE-2023-50366 MEDIUM
QNAP QTS and QuTS hero - Authenticated Stored Cross-Site Scripting
Sep 06, 2024
CVSS 4.3
EPSS 0.00
CVE-2023-50360 HIGH
QNAP Video Station 5.0.0-5.8.1 - Authenticated SQL Injection via Network
Sep 06, 2024
CVSS 8.8
EPSS 0.00
CVE-2023-47563 HIGH
QNAP Video Station 5.0.0-5.8.1 - Authenticated OS Command Injection
Sep 06, 2024
CVSS 7.4
EPSS 0.01
CVE-2023-45038 MEDIUM NUCLEI
QNAP Music Station 5.0.0-5.3.9 - Improper Authentication
Sep 06, 2024
CVSS 4.3
EPSS 0.07
CVE-2023-39300 HIGH
QTS < 4.3.6.2805 - Authenticated OS Command Injection
Sep 06, 2024
CVSS 7.2
EPSS 0.00
CVE-2023-39298 HIGH
QNAP QTS and QuTS hero - Missing Authorization
Sep 06, 2024
CVSS 7.8
EPSS 0.00
CVE-2023-34979 MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
Sep 06, 2024
CVSS 6.6
EPSS 0.00
CVE-2023-34974 HIGH
QNAP QTS and QuTS hero - OS Command Injection
Sep 06, 2024
CVSS 8.8
EPSS 0.00
CVE-2023-47220 MEDIUM
QNAP Media Streaming add-on >=500.1.1.0 <500.1.1.5 - Authenticated OS Command Injection
May 03, 2024
CVSS 6.6
EPSS 0.00
CVE-2023-51365 HIGH
QNAP QTS 4.5.1-4.5.4.2626 and QTS 5.1.4.2595 - Path Traversal
Apr 26, 2024
CVSS 8.7
EPSS 0.12
CVE-2023-51364 HIGH
QNAP QTS 4.5.1-4.5.4.2626 and QuTS hero h4.5.0-h4.5.4.2625 and QuTScloud c5.0.0.1919-c5.1.5.2650 - Path Traversal
Apr 26, 2024
CVSS 8.7
EPSS 0.11
CVE-2023-50364 MEDIUM
QNAP QTS and QuTS hero - Authenticated Remote Code Execution via Heap-based Buffer Overflow
Apr 26, 2024
CVSS 6.4
EPSS 0.00
Products
qts 272 quts_hero 223 qsync_central 62 qutscloud 62 file_station 48 photo_station 26 video_station 15 media_streaming_add-on 13 music_station 13 qurouter 12 helpdesk 11 qumagie 10 qvr 10 qulog_center 8 nas_proxy_server 7 q\'center 7 hybrid_backup_sync 6 notes_station_3 6 qvr_pro 6 license_center 5 multimedia_console 5 qunetswitch 5 qvr_elite 5 qvr_guard 5 qes 4 download_station 3 qcalagent 3 qufirewall 3 qvp-21a_firmware 3 qvp-41a_firmware 3
Quick Filters
Critical CVEs With Exploits In CISA KEV