cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-27130,https://securityvulnerability.io/vulnerability/CVE-2024-27130,Buffer Copy Vulnerability Affects QNAP Operating System Versions,"A vulnerability has been identified across multiple versions of the QNAP operating system, characterized by a buffer copy process that does not adequately verify the size of incoming data. This oversight can be exploited by attackers, providing them the ability to execute arbitrary code through network access. It is crucial for users to update to the specified patched versions to mitigate risks associated with this vulnerability.",QNAP,"Qts,Quts Hero",8.8,HIGH,0.00046999999904073775,false,true,false,true,true,true,false,2024-05-21T16:08:46.881Z,6467
CVE-2024-32766,https://securityvulnerability.io/vulnerability/CVE-2024-32766,QNAP QTS Operating System Vulnerability Affects Multiple Versions,"A critical OS command injection vulnerability has been reported in multiple versions of the QNAP QTS operating system, allowing users to execute commands via a network. The company has released patches for the affected versions, urging users to update their devices to the latest versions to mitigate potential risks. The exploitation of this vulnerability could lead to dire consequences such as data theft, malware installation, or even a complete takeover of the NAS device, making it a prime target for cybercriminals. Additionally, compromised NAS devices serve as launching pads for broader attacks within the network, posing significant risks to data security and making timely patching and security vigilance imperative.",QNAP,,,,0.000699999975040555,false,true,false,true,,false,false,2024-04-26T15:15:00.000Z,0
CVE-2024-21899,https://securityvulnerability.io/vulnerability/CVE-2024-21899,QNAP Fixes Improper Authentication Vulnerability Affecting Multiple Versions of QTS,"The articles discuss a critical authentication bypass vulnerability (CVE-2024-21899) affecting multiple versions of QNAP operating systems. This vulnerability allows unauthorized remote access to the NAS device, posing a severe security risk. The vulnerability has been addressed by QNAP with patches available for affected versions. Other vulnerabilities impacting QNAP operating systems are also highlighted, emphasizing the need for immediate updates to mitigate potential security risks. The exploitation of these vulnerabilities could lead to unauthorized access, data compromise, and further attacks, making it crucial for organizations and individuals using QNAP products to prioritize security updates.",QNAP,"Qts,Quts Hero,Qutscloud",9.8,CRITICAL,0.001550000044517219,false,true,false,true,true,false,false,2024-03-08T16:17:25.243Z,0
CVE-2023-50358,https://securityvulnerability.io/vulnerability/CVE-2023-50358,"QTS, QuTS hero, QuTScloud","An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QTS 4.3.6.2665 build 20240131 and later
QTS 4.3.4.2675 build 20240131 and later
QTS 4.3.3.2644 build 20240131 and later
QTS 4.2.6 build 20240131 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
",QNAP,"QTS,QuTS hero,QuTScloud",5.8,MEDIUM,0.0004600000102072954,false,true,false,true,true,false,false,2024-02-13T02:45:22.351Z,0
CVE-2023-47218,https://securityvulnerability.io/vulnerability/CVE-2023-47218,QNAP OS Command Injection Vulnerability Affects Multiple Versions,"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
",QNAP,"QTS,QuTS hero,QuTScloud",5.8,MEDIUM,0.004129999782890081,false,true,false,true,true,false,false,2024-02-13T02:44:14.677Z,0
CVE-2023-47564,https://securityvulnerability.io/vulnerability/CVE-2023-47564,Qsync Central,"An issue with incorrect permission assignment in Qsync Central from QNAP exposes critical resources to potential read and modification by authenticated users over a network. This vulnerability underscores the importance of proper permission management to prevent unauthorized access to sensitive information. Mitigating this vulnerability requires version updates to ensure security patches are applied, specifically upgrading to Qsync Central 4.4.0.15 or later, or 4.3.0.11 or later.",QNAP,Qsync Central,8,HIGH,0.0005200000014156103,false,false,false,true,true,false,false,2024-02-02T16:05:54.662Z,0