cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-34974,https://securityvulnerability.io/vulnerability/CVE-2023-34974,"QNAP QTS Vulnerability Affects Multiple Versions, Fix Released","An OS command injection vulnerability has been identified in multiple versions of the QNAP operating system, allowing attackers to execute arbitrary commands through network interfaces. This vulnerability impacts various installations, potentially leading to unauthorized control over affected systems. It is crucial for users to update their software to the specified secure releases to mitigate these risks.",QNAP,"Qts,Quts Hero,Qutscloud,Qvr,Qes",8.8,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-09-06T16:27:27.244Z,0
CVE-2022-27592,https://securityvulnerability.io/vulnerability/CVE-2022-27592,Unauthorized Code Execution Vulnerability Affects QVR Smart Client,"An unquoted search path vulnerability has been identified in QVR Smart Client, impacting the security of systems where the software is installed. This flaw may enable local authenticated administrators to execute unauthorized commands or code through unspecified methods. It is crucial for users of QVR Smart Client to ensure they have updated their installations to version 2.4.0.0570 or later on supported operating systems, including Windows 10 SP1, Windows 11, Mac OS, and Mac M1, to mitigate any potential security risks.",QNAP,Qvr Smart Client,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-06T16:26:41.790Z,0
CVE-2022-27599,https://securityvulnerability.io/vulnerability/CVE-2022-27599,QVR Pro Client,"An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.

We have already fixed the vulnerability in the following version:
Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later
",QNAP,Qvr Pro Client,6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-09-08T01:58:10.128Z,0
CVE-2022-27588,https://securityvulnerability.io/vulnerability/CVE-2022-27588,Vulnerability in QVR,We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later,QNAP,Qvr,9.8,CRITICAL,0.0015999999595806003,false,false,false,false,,false,false,2022-05-05T17:15:00.000Z,0
CVE-2021-38690,https://securityvulnerability.io/vulnerability/CVE-2021-38690,"Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard","A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later",QNAP,"Qvr Elite,Qvr Pro,Qvr Guard",8.1,HIGH,0.003449999960139394,false,false,false,false,,false,false,2022-01-14T01:15:00.000Z,0
CVE-2021-38682,https://securityvulnerability.io/vulnerability/CVE-2021-38682,"Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard","A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 and later QTS 5.0.0: QVR Guard 2.1.3.0 and later",QNAP,"Qvr Elite,Qvr Pro,Qvr Guard",8.1,HIGH,0.003449999960139394,false,false,false,false,,false,false,2022-01-14T01:15:00.000Z,0
CVE-2021-38689,https://securityvulnerability.io/vulnerability/CVE-2021-38689,"Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard","A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later",QNAP,"Qvr Elite,Qvr Pro,Qvr Guard",8.1,HIGH,0.003449999960139394,false,false,false,false,,false,false,2022-01-14T01:15:00.000Z,0
CVE-2021-38691,https://securityvulnerability.io/vulnerability/CVE-2021-38691,"Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard","A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later",QNAP,"Qvr Elite,Qvr Pro,Qvr Guard",8.1,HIGH,0.003449999960139394,false,false,false,false,,false,false,2022-01-14T01:15:00.000Z,0
CVE-2021-38692,https://securityvulnerability.io/vulnerability/CVE-2021-38692,"Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard","A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard: QuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later QTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later QTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later QTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later",QNAP,"Qvr Elite,Qvr Pro,Qvr Guard",8.1,HIGH,0.003449999960139394,false,false,false,false,,false,false,2022-01-14T01:15:00.000Z,0
CVE-2021-38686,https://securityvulnerability.io/vulnerability/CVE-2021-38686,Improper Authentication Vulnerability in VioStor,"An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later",QNAP,Qvr,8.8,HIGH,0.0024999999441206455,false,false,false,false,,false,false,2021-11-26T00:00:00.000Z,0
CVE-2021-38685,https://securityvulnerability.io/vulnerability/CVE-2021-38685,Command Injection Vulnerability in VioStor,"A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later",QNAP,Qvr,9.8,CRITICAL,0.002739999908953905,false,false,false,false,,false,false,2021-11-26T00:00:00.000Z,0
CVE-2021-34352,https://securityvulnerability.io/vulnerability/CVE-2021-34352,Command Injection Vulnerability in QVR,"A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later",QNAP,Qvr,7.2,HIGH,0.0031500000040978193,false,false,false,false,,false,false,2021-10-01T00:00:00.000Z,0
CVE-2021-34351,https://securityvulnerability.io/vulnerability/CVE-2021-34351,Command Injection Vulnerability in QVR,"A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later",QNAP,Qvr,9.8,CRITICAL,0.002739999908953905,false,false,false,false,,false,false,2021-09-27T00:00:00.000Z,0
CVE-2021-34348,https://securityvulnerability.io/vulnerability/CVE-2021-34348,Command Injection Vulnerability in QVR,"A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later",QNAP,Qvr,9.8,CRITICAL,0.002739999908953905,false,false,false,false,,false,false,2021-09-27T00:00:00.000Z,0
CVE-2021-34349,https://securityvulnerability.io/vulnerability/CVE-2021-34349,Command Injection Vulnerability in QVR,"A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later",QNAP,Qvr,7.2,HIGH,0.0016799999866634607,false,false,false,false,,false,false,2021-09-27T00:00:00.000Z,0