cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-27600,https://securityvulnerability.io/vulnerability/CVE-2022-27600,Uncontrolled Resource Consumption Vulnerability in QNAP Operating Systems,"CVE-2022-27600 is an uncontrolled resource consumption vulnerability that affects various versions of QNAP's operating systems. This vulnerability could be exploited by remote attackers to execute a denial-of-service (DoS) attack, which would disrupt legitimate user access and affect the overall performance of the affected systems. QNAP has issued fixes in certain versions to mitigate this risk. Users are strongly advised to upgrade to the patched versions to protect their systems from potential exploitation.",QNAP,"Qts,Quts Hero,Qutscloud",6.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T01:39:38.167Z,0
CVE-2024-50393,https://securityvulnerability.io/vulnerability/CVE-2024-50393,"QTS, QuTS hero","A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later",QNAP,"Qts,Quts Hero",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T17:15:00.000Z,0
CVE-2024-38641,https://securityvulnerability.io/vulnerability/CVE-2024-38641,QNAP OS Command Injection Vulnerability,"An OS command injection vulnerability has been identified in several versions of QNAP's operating systems. This vulnerability may allow local network users to execute arbitrary commands through unspecified paths. Users are advised to upgrade to the fixed versions, QTS 5.1.8.2823 build 20240712 and later, or QuTS hero h5.1.8.2823 build 20240712 and later, to mitigate potential exploits and enhance overall security.",QNAP,"Qts,Quts Hero",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-06T16:27:46.814Z,0
CVE-2024-32763,https://securityvulnerability.io/vulnerability/CVE-2024-32763,Buffer Copy Without Checking Size of Input Vulnerability,"A vulnerability has been identified in certain versions of QNAP's operating systems, stemming from a flaw in handling buffer copy operations without adequate size checks. This could potentially allow authenticated users to exploit the vulnerability and execute arbitrary code over the network. The issue is particularly concerning for organizations relying on affected QNAP products, as it opens the door to various malicious activities. QNAP has addressed this vulnerability in the recently released versions QTS 5.1.8.2823 build 20240712 and later, as well as QuTS hero h5.1.8.2823 build 20240712 and later, underscoring the importance of keeping systems updated to mitigate such risks.",QNAP,"Qts,Quts Hero",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-09-06T16:27:41.126Z,0
CVE-2024-21906,https://securityvulnerability.io/vulnerability/CVE-2024-21906,OS Command Injection Vulnerability Affects QNAP QTS Versions,"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later",QNAP,"Qts,Quts Hero",4.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-09-06T16:27:36.257Z,0
CVE-2023-34979,https://securityvulnerability.io/vulnerability/CVE-2023-34979,QNAP Addresses OS Command Injection Vulnerability,"An OS command injection vulnerability has been identified in multiple versions of the QNAP operating system, enabling authenticated administrators to execute arbitrary commands through a network interface. This vulnerability poses a significant risk, as it can be exploited to execute potentially harmful commands on affected devices. It is crucial for users to update their systems to the latest versions, specifically QTS 4.5.4.2790 build 20240605 or later, and QuTS hero h4.5.4.2790 build 20240606 or later, to mitigate the risk associated with this vulnerability.",QNAP,"Qts,Quts Hero",7.2,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-06T16:27:31.562Z,0
CVE-2023-34974,https://securityvulnerability.io/vulnerability/CVE-2023-34974,"QNAP QTS Vulnerability Affects Multiple Versions, Fix Released","An OS command injection vulnerability has been identified in multiple versions of the QNAP operating system, allowing attackers to execute arbitrary commands through network interfaces. This vulnerability impacts various installations, potentially leading to unauthorized control over affected systems. It is crucial for users to update their software to the specified secure releases to mitigate these risks.",QNAP,"Qts,Quts Hero,Qutscloud,Qvr,Qes",8.8,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-06T16:27:27.244Z,0
CVE-2024-32771,https://securityvulnerability.io/vulnerability/CVE-2024-32771,QNAP QTS Vulnerability: Arbitrary Authentication Attempts Allowed,"An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later",QNAP,"Qts,Quts Hero,Qutscloud",2.4,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-09-06T16:27:12.908Z,0
CVE-2023-39298,https://securityvulnerability.io/vulnerability/CVE-2023-39298,QNAP QTS Vulnerability: Local Auth Bypass Could Allow Data Breaches,"A missing authorization vulnerability in specific versions of QNAP operating systems has the potential to allow local authenticated users unauthorized access to sensitive data and the ability to perform prohibited actions. This flaw affects versions of QTS and QuTS hero prior to specific builds. QNAP has addressed this issue with patches in the subsequent releases, ensuring enhanced security for users.",QNAP,"Qts,Quts Hero,Qutscloud",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-06T16:27:08.552Z,0
CVE-2023-39300,https://securityvulnerability.io/vulnerability/CVE-2023-39300,QTS Vulnerability Could Allow Command Injection Via Network,"An OS command injection vulnerability has been identified in legacy QTS, allowing authenticated administrators to execute arbitrary commands over the network. This weakness poses a significant risk as it enables unauthorized access to system commands, which could lead to potentially harmful modifications or data breaches. Immediate action is advised to upgrade to patched versions of QTS, with detailed update information available through the security advisory.",QNAP,"Qts,Quts Hero,Qutscloud",7.2,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-06T16:27:04.275Z,0
CVE-2024-21904,https://securityvulnerability.io/vulnerability/CVE-2024-21904,QNAP Fixes Path Traversal Vulnerability,"A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later",QNAP,"Qts,Quts Hero",6.5,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-09-06T16:26:45.983Z,0
CVE-2024-21903,https://securityvulnerability.io/vulnerability/CVE-2024-21903,QNAP Addresses OS Command Injection Vulnerability in Several Operating System Versions,"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later",QNAP,"Qts,Quts Hero",4.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-09-06T16:26:27.970Z,0
CVE-2024-21898,https://securityvulnerability.io/vulnerability/CVE-2024-21898,QNAP OS Command Injection Vulnerability,"An OS command injection vulnerability has been identified in several versions of QNAP's operating systems, specifically QTS and QuTS Hero. This issue enables authenticated users to potentially execute arbitrary commands via network interactions. QNAP has addressed this vulnerability, and users are advised to update to the fixed versions to mitigate risks associated with unauthorized command execution.",QNAP,"Qts,Quts Hero",8.8,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-06T16:26:24.271Z,0
CVE-2024-21897,https://securityvulnerability.io/vulnerability/CVE-2024-21897,QNAP Operating System Versions Vulnerable to Cross-Site Scripting (XSS) Attack,"A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later",QNAP,"Qts,Quts Hero",5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-09-06T16:26:19.971Z,0
CVE-2023-51368,https://securityvulnerability.io/vulnerability/CVE-2023-51368,QNAP OS Versions Vulnerable to NULL Pointer Dereference Attack,"A NULL pointer dereference vulnerability has been identified in multiple QNAP operating system versions, which can be exploited to initiate a denial-of-service (DoS) attack through a network. This vulnerability poses a risk as it may allow an attacker to disrupt the functionality of affected systems. The issue has been addressed in recent updates, and users are strongly advised to upgrade to the latest versions, specifically QTS 5.1.6.2722 build 20240402 and later, as well as QuTS hero h5.1.6.2734 build 20240414 and later, to mitigate the risk.",QNAP,"Qts,Quts Hero",6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-09-06T16:26:15.562Z,0
CVE-2023-51367,https://securityvulnerability.io/vulnerability/CVE-2023-51367,Buffer Copy Vulnerability Affects QNAP Operating Systems,"A buffer copy without checking the size of input vulnerability has been identified in multiple versions of QNAP operating systems. This flaw poses a risk of potential code execution via network interactions, enabling unauthorized access and manipulation of system functions. QNAP has released significant updates addressing this issue in QTS 5.1.6.2722 build 20240402 and later, as well as QuTS hero h5.1.6.2734 build 20240414 and beyond. It is crucial for users to upgrade to the patched versions to ensure system security.",QNAP,"Qts,Quts Hero",8.8,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2024-09-06T16:26:10.766Z,0
CVE-2023-51366,https://securityvulnerability.io/vulnerability/CVE-2023-51366,QNAP Addresses Path Traversal Vulnerability in Multiple OS Versions,"A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later",QNAP,"Qts,Quts Hero",6.5,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2024-09-06T16:26:04.945Z,0
CVE-2023-50366,https://securityvulnerability.io/vulnerability/CVE-2023-50366,QNAP Fixes Cross-Site Scripting Vulnerability in Select Operating System Versions,"A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later",QNAP,"Qts,Quts Hero",4.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-09-06T16:25:57.242Z,0
CVE-2024-32765,https://securityvulnerability.io/vulnerability/CVE-2024-32765,QTS Vulnerability Fix,"A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later",QNAP,"Qts,Quts Hero",4.2,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-27130,https://securityvulnerability.io/vulnerability/CVE-2024-27130,Buffer Copy Vulnerability Affects QNAP Operating System Versions,"A vulnerability has been identified across multiple versions of the QNAP operating system, characterized by a buffer copy process that does not adequately verify the size of incoming data. This oversight can be exploited by attackers, providing them the ability to execute arbitrary code through network access. It is crucial for users to update to the specified patched versions to mitigate risks associated with this vulnerability.",QNAP,"Qts,Quts Hero",8.8,HIGH,0.00046999999904073775,false,true,false,true,true,true,false,2024-05-21T16:08:46.881Z,6467
CVE-2024-27129,https://securityvulnerability.io/vulnerability/CVE-2024-27129,Buffer Copy Vulnerability Affects QNAP Operating System Versions,"A buffer copy vulnerability has been identified in several versions of the QNAP operating systems. This flaw allows authenticated users to perform code execution through network access, potentially compromising the integrity of the system. The issue arises due to a lack of proper input size checks during buffer operations. It is crucial for users to update their systems to the latest versions, specifically QTS 5.1.7.2770 build 20240520 and later, as well as QuTS hero h5.1.7.2770 build 20240520 and later, to mitigate this risk.",QNAP,"Qts,Quts Hero",8.8,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2024-05-21T16:08:40.115Z,0
CVE-2024-27128,https://securityvulnerability.io/vulnerability/CVE-2024-27128,Buffer Copy Vulnerability Affects QNAP Operating System Versions,"A vulnerability has been identified in several versions of the QNAP operating system, characterized by a buffer copy operation that fails to enforce size checks for input data. This oversight creates a potential avenue for authenticated users to exploit the vulnerability, enabling them to execute arbitrary code via a network connection. It is crucial for users of QNAP devices to update to QTS version 5.1.7.2770 build 20240520 or later, as well as the QuTS hero version 5.1.7.2770 build 20240520 or later, to mitigate this risk.",QNAP,"Qts,Quts Hero",8.8,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2024-05-21T16:08:34.365Z,0
CVE-2024-27127,https://securityvulnerability.io/vulnerability/CVE-2024-27127,QNAP QTS Vulnerability: Authenticated Execution of Arbitrary Code via Network,"A double free vulnerability has been identified in multiple versions of QNAP operating systems, allowing authenticated users to exploit this flaw to execute arbitrary code over a network. This vulnerability poses a significant security risk, as it can be leveraged to manipulate system behavior or compromise sensitive data. QNAP has issued a fix in QTS and QuTS hero versions 5.1.7.2770 build 20240520 or later, enhancing the security posture of their users. Immediate upgrades to the patched versions are recommended to mitigate potential risks.",QNAP,"Qts,Quts Hero",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-05-21T16:08:29.155Z,0
CVE-2024-21902,https://securityvulnerability.io/vulnerability/CVE-2024-21902,Permission Misconfiguration in QNAP Operating Systems,"A permission misconfiguration vulnerability has been discovered in multiple versions of QNAP's operating systems. This flaw allows authenticated users to gain unauthorized access to critical resources over the network, potentially leading to data breaches or modifications. The issue affects several versions prior to QTS 5.1.7.2770 build 20240520 and QuTS hero h5.1.7.2770 build 20240520, which have since resolved the vulnerability. It is crucial for users to update their systems to these secured builds to safeguard against potential exploitation.",QNAP,"Qts,Quts Hero",8.1,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-05-21T16:08:14.291Z,0
CVE-2023-50364,https://securityvulnerability.io/vulnerability/CVE-2023-50364,Buffer Copy Vulnerability Affects QNAP Operating System Versions,"A vulnerability in several versions of the QNAP operating system has been identified, characterized by the absence of proper size checks during buffer copy operations. This flaw may allow authenticated users to execute arbitrary code over a network connection. QNAP has issued fixes that are available in QTS 5.1.6.2722 build 20240402 and later, as well as QuTS hero h5.1.6.2734 build 20240414 and later, mitigating the risks associated with this vulnerability.",QNAP,"Qts,Quts Hero",8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-04-26T15:15:00.000Z,0