cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-27600,https://securityvulnerability.io/vulnerability/CVE-2022-27600,Uncontrolled Resource Consumption Vulnerability in QNAP Operating Systems,"CVE-2022-27600 is an uncontrolled resource consumption vulnerability that affects various versions of QNAP's operating systems. This vulnerability could be exploited by remote attackers to execute a denial-of-service (DoS) attack, which would disrupt legitimate user access and affect the overall performance of the affected systems. QNAP has issued fixes in certain versions to mitigate this risk. Users are strongly advised to upgrade to the patched versions to protect their systems from potential exploitation.",QNAP,"Qts,Quts Hero,Qutscloud",6.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T01:39:38.167Z,0
CVE-2023-34974,https://securityvulnerability.io/vulnerability/CVE-2023-34974,"QNAP QTS Vulnerability Affects Multiple Versions, Fix Released","An OS command injection vulnerability has been identified in multiple versions of the QNAP operating system, allowing attackers to execute arbitrary commands through network interfaces. This vulnerability impacts various installations, potentially leading to unauthorized control over affected systems. It is crucial for users to update their software to the specified secure releases to mitigate these risks.",QNAP,"Qts,Quts Hero,Qutscloud,Qvr,Qes",8.8,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-06T16:27:27.244Z,0
CVE-2024-32771,https://securityvulnerability.io/vulnerability/CVE-2024-32771,QNAP QTS Vulnerability: Arbitrary Authentication Attempts Allowed,"An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.
QuTScloud is not affected.

We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2782 build 20240601 and later
QuTS hero h5.2.0.2782 build 20240601 and later",QNAP,"Qts,Quts Hero,Qutscloud",2.4,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-09-06T16:27:12.908Z,0
CVE-2023-39298,https://securityvulnerability.io/vulnerability/CVE-2023-39298,QNAP QTS Vulnerability: Local Auth Bypass Could Allow Data Breaches,"A missing authorization vulnerability in specific versions of QNAP operating systems has the potential to allow local authenticated users unauthorized access to sensitive data and the ability to perform prohibited actions. This flaw affects versions of QTS and QuTS hero prior to specific builds. QNAP has addressed this issue with patches in the subsequent releases, ensuring enhanced security for users.",QNAP,"Qts,Quts Hero,Qutscloud",7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-06T16:27:08.552Z,0
CVE-2023-39300,https://securityvulnerability.io/vulnerability/CVE-2023-39300,QTS Vulnerability Could Allow Command Injection Via Network,"An OS command injection vulnerability has been identified in legacy QTS, allowing authenticated administrators to execute arbitrary commands over the network. This weakness poses a significant risk as it enables unauthorized access to system commands, which could lead to potentially harmful modifications or data breaches. Immediate action is advised to upgrade to patched versions of QTS, with detailed update information available through the security advisory.",QNAP,"Qts,Quts Hero,Qutscloud",7.2,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-06T16:27:04.275Z,0
CVE-2024-27124,https://securityvulnerability.io/vulnerability/CVE-2024-27124,QNAP QTS Operating System Vulnerability Affects Multiple Versions,"An OS command injection vulnerability has been identified in multiple versions of QNAP operating systems, posing a significant risk to users. When exploited by an attacker, this vulnerability enables the execution of arbitrary commands over a network, which could lead to unauthorized access and potential system compromise. Users are strongly advised to upgrade to the patched versions to mitigate the risk associated with this vulnerability.",QNAP,"Qts,Quts Hero,Qutscloud",7.5,HIGH,0.000699999975040555,false,true,false,false,,false,false,2024-04-26T15:15:00.000Z,0
CVE-2024-21905,https://securityvulnerability.io/vulnerability/CVE-2024-21905,QNAP Operating System Vulnerability Affects System Security via Network,"An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later
",QNAP,"Qts,Quts Hero,Qutscloud",6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-26T15:15:00.000Z,0
CVE-2024-21900,https://securityvulnerability.io/vulnerability/CVE-2024-21900,QNAP Operating System Vulnerability Affects Authenticated Users,"An injection vulnerability exists in certain versions of QNAP operating systems, which could enable authenticated users to execute arbitrary commands over the network. This vulnerability affects various versions of QTS, QuTS hero, and QuTScloud, posing significant risks to the security of the systems. Mitigation is available as the issue has been addressed in recent updates. Users are advised to upgrade to the specified secure versions to safeguard their devices against potential exploitation.",QNAP,"Qts,Quts Hero,Qutscloud",6.5,MEDIUM,0.0004600000102072954,false,true,false,false,,false,false,2024-03-08T16:17:29.628Z,0
CVE-2024-21899,https://securityvulnerability.io/vulnerability/CVE-2024-21899,QNAP Fixes Improper Authentication Vulnerability Affecting Multiple Versions of QTS,"The articles discuss a critical authentication bypass vulnerability (CVE-2024-21899) affecting multiple versions of QNAP operating systems. This vulnerability allows unauthorized remote access to the NAS device, posing a severe security risk. The vulnerability has been addressed by QNAP with patches available for affected versions. Other vulnerabilities impacting QNAP operating systems are also highlighted, emphasizing the need for immediate updates to mitigate potential security risks. The exploitation of these vulnerabilities could lead to unauthorized access, data compromise, and further attacks, making it crucial for organizations and individuals using QNAP products to prioritize security updates.",QNAP,"Qts,Quts Hero,Qutscloud",9.8,CRITICAL,0.001550000044517219,false,true,false,true,true,false,false,2024-03-08T16:17:25.243Z,0
CVE-2023-32969,https://securityvulnerability.io/vulnerability/CVE-2023-32969,QuTScloud Cross-Site Scripting Vulnerability,"A cross-site scripting vulnerability has been identified in QNAP's Network & Virtual Switch. This vulnerability enables authenticated administrators to potentially inject malicious code via a network, posing a risk to the security of the affected systems. Organizations using the software should ensure they are operating on the patched versions to mitigate this risk. The vulnerability has been addressed in specific versions, including QuTScloud c5.1.5.2651 and later, along with QTS and QuTS hero versions 5.1.4.2596 build 20231128 and later.",QNAP,"Qutscloud,Qts,Quts Hero",4.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-08T16:17:19.645Z,0
CVE-2023-50358,https://securityvulnerability.io/vulnerability/CVE-2023-50358,"QTS, QuTS hero, QuTScloud","An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QTS 4.3.6.2665 build 20240131 and later
QTS 4.3.4.2675 build 20240131 and later
QTS 4.3.3.2644 build 20240131 and later
QTS 4.2.6 build 20240131 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
",QNAP,"QTS,QuTS hero,QuTScloud",5.8,MEDIUM,0.0004600000102072954,false,true,false,true,true,false,false,2024-02-13T02:45:22.351Z,0
CVE-2023-47218,https://securityvulnerability.io/vulnerability/CVE-2023-47218,QNAP OS Command Injection Vulnerability Affects Multiple Versions,"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTScloud c5.1.5.2651 and later
",QNAP,"QTS,QuTS hero,QuTScloud",5.8,MEDIUM,0.004129999782890081,false,true,false,true,true,false,false,2024-02-13T02:44:14.677Z,0
CVE-2023-47568,https://securityvulnerability.io/vulnerability/CVE-2023-47568,QNAP QTS Vulnerability: SQL Injection Risk Affects Multiple Versions,"A SQL injection vulnerability has been identified in various QNAP operating system versions. This security issue allows authenticated users to potentially execute arbitrary SQL commands by injecting malicious code through a network interface. If left unaddressed, this vulnerability could enable unauthorized access to sensitive data or manipulation of the underlying database. QNAP has addressed this vulnerability in the mentioned versions of QTS and QuTS systems, emphasizing the importance of updating to the latest releases for enhanced security.",QNAP,"Qts,Quts Hero,Qutscloud",8.8,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2024-02-02T16:06:10.742Z,0
CVE-2023-47567,https://securityvulnerability.io/vulnerability/CVE-2023-47567,QNAP QTS Operating System Vulnerability Affects Multiple Versions,"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
",QNAP,"Qts,Quts Hero,Qutscloud",4.7,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2024-02-02T16:06:05.095Z,0
CVE-2023-47566,https://securityvulnerability.io/vulnerability/CVE-2023-47566,"QTS, QuTS hero, QuTScloud","An OS command injection vulnerability has been identified in multiple versions of QNAP's operating systems. This flaw allows authenticated administrators to potentially execute arbitrary commands over the network, thereby presenting a significant risk to system integrity. Prompt updates are essential to mitigate this issue and safeguard against potential exploitation.",QNAP,"QTS,QuTS hero,QuTScloud",7.2,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2024-02-02T16:05:59.833Z,0
CVE-2023-45037,https://securityvulnerability.io/vulnerability/CVE-2023-45037,"QTS, QuTS hero, QuTScloud","A vulnerability has been identified in several versions of QNAP operating systems, characterized by a buffer copy process that lacks appropriate input size validation. This flaw may be exploited by authenticated administrators, enabling them to execute arbitrary code via network interactions. The potential for unauthorized access and execution of commands poses a significant security risk, stressing the importance of timely updates to the affected versions.",QNAP,"QTS,QuTS hero,QuTScloud",7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-02-02T16:05:37.258Z,0
CVE-2023-45036,https://securityvulnerability.io/vulnerability/CVE-2023-45036,"QTS, QuTS hero, QuTScloud","A vulnerability has been identified in several versions of the QNAP operating system, characterized by a buffer copy operation that does not adequately validate the size of the input. This oversight may be exploited by authenticated administrators to execute arbitrary code through a network interface. It represents a serious risk to system integrity and emphasizes the necessity of regular software updates to mitigate potential threats. The issue has been addressed in the latest software versions, underscoring the critical importance of maintaining up-to-date systems.",QNAP,"QTS,QuTS hero,QuTScloud",7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-02-02T16:05:31.409Z,0
CVE-2023-45035,https://securityvulnerability.io/vulnerability/CVE-2023-45035,"QTS, QuTS hero, QuTScloud","A vulnerability affecting multiple QNAP operating system versions has been identified, characterized as a buffer copy without input size verification. This defect potentially grants authenticated administrators the ability to execute arbitrary code remotely over the network, creating significant security risks. Mitigating this issue involves updating to the latest versions of QTS, QuTS hero, or QuTScloud as mentioned in the vendor's advisory. Organizations utilizing affected versions are strongly advised to implement patches promptly to secure their systems.",QNAP,"QTS,QuTS hero,QuTScloud",7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-02-02T16:05:25.788Z,0
CVE-2023-45028,https://securityvulnerability.io/vulnerability/CVE-2023-45028,"QTS, QuTS hero, QuTScloud","An uncontrolled resource consumption vulnerability has been identified in various versions of QNAP's operating system. This flaw could potentially allow authenticated administrators to execute a denial-of-service (DoS) attack via network paths, leading to service disruptions. It is critical for administrators to ensure that their systems are updated to the fixed versions to mitigate this risk. QNAP has provided updates to address this issue in QTS 5.1.5.2645 build 20240116 and later, QuTS hero h5.1.5.2647 build 20240118 and later, as well as QuTScloud c5.1.5.2651 and later.",QNAP,"QTS,QuTS hero,QuTScloud",4.9,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-02-02T16:05:20.257Z,0
CVE-2023-45027,https://securityvulnerability.io/vulnerability/CVE-2023-45027,"QTS, QuTS hero, QuTScloud","A path traversal vulnerability has been identified in various QNAP operating systems, impacting the ability of authenticated administrators to access unexpected files. This flaw can lead to the unauthorized exposure of sensitive information over a network, significantly jeopardizing the security of affected systems. QNAP has proactively addressed this issue in recent software updates, emphasizing the critical need for users to update their systems to safeguard against potential exploits.",QNAP,"Qts,Quts Hero,Qutscloud",5.5,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2024-02-02T16:05:13.689Z,0
CVE-2023-45026,https://securityvulnerability.io/vulnerability/CVE-2023-45026,"QTS, QuTS hero, QuTScloud","A path traversal vulnerability exists in several versions of QNAP's operating system, which can be exploited by authenticated administrators to access unexpected files. This could result in the exposure of sensitive data over a network connection. The flaw affects a variety of operating systems, and once exploited, it could compromise the integrity of the data stored on the affected devices. QNAP has addressed this issue in their newer builds, specifically QTS 5.1.5.2645 (build 20240116) and later, QuTS hero h5.1.5.2647 (build 20240118) and later, as well as QuTScloud c5.1.5.2651 and later.",QNAP,"Qts,Quts Hero,Qutscloud",5.5,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2024-02-02T16:05:07.756Z,0
CVE-2023-45025,https://securityvulnerability.io/vulnerability/CVE-2023-45025,"QTS, QuTS hero, QuTScloud","An OS command injection vulnerability has been identified in multiple QNAP operating system versions. This flaw allows attackers to execute arbitrary commands through network access, potentially compromising the integrity and security of affected systems. Preventive measures and patch updates have been released to mitigate the risk associated with this vulnerability. Users are advised to update to the latest versions to ensure protection against unauthorized access and command execution.",QNAP,"QTS,QuTS hero,QuTScloud",9.8,CRITICAL,0.0007600000244565308,false,false,false,false,,false,false,2024-02-02T16:05:02.613Z,0
CVE-2023-41292,https://securityvulnerability.io/vulnerability/CVE-2023-41292,"QTS, QuTS hero, QuTScloud","A vulnerability has been identified in various versions of QNAP operating systems, where a buffer copy operation does not properly validate the size of the input data. This issue allows authenticated administrators to potentially execute arbitrary code remotely through network interactions. QNAP has addressed this vulnerability in subsequent software updates, enhancing the security posture of the affected operating systems.",QNAP,"QTS,QuTS hero,QuTScloud",7.2,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-02-02T16:04:57.919Z,0
CVE-2023-41283,https://securityvulnerability.io/vulnerability/CVE-2023-41283,"QTS, QuTS hero, QuTScloud","An OS command injection vulnerability has been identified in multiple versions of QNAP operating systems. This issue permits authenticated administrators to execute arbitrary commands via network access. The vulnerability poses a significant security risk as it compromises the integrity of affected systems, potentially allowing unauthorized access and manipulation of system functionalities. Timely software updates have resolved this vulnerability in the latest versions of QTS, QuTS hero, and QuTScloud.",QNAP,"Qts,Quts Hero,Qutscloud",5.5,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2024-02-02T16:04:53.120Z,0
CVE-2023-41282,https://securityvulnerability.io/vulnerability/CVE-2023-41282,"QTS, QuTS hero, QuTScloud","An OS command injection vulnerability has been identified in multiple versions of the QNAP operating system. This security flaw allows authenticated administrators to potentially execute commands over the network, which can lead to unauthorized actions within the affected environment. QNAP has released updates to address this issue in QTS version 5.1.4.2596 build 20231128 and later, as well as in QuTS hero and QuTScloud versions that meet or exceed specified build numbers. Organizations utilizing the impacted versions are advised to apply the necessary updates to safeguard against exploitation.",QNAP,"Qts,Quts Hero,Qutscloud",5.5,MEDIUM,0.0006000000284984708,false,false,false,false,,false,false,2024-02-02T16:04:48.454Z,0