Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Quts_hero
(Qnap)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 103 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-10 | CVE-2021-34343 | A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210701 and later QuTScloud c4.5.6.1755 and later QuTS hero h4.5.4.1771 build 20210825 and later | Qts, Quts_hero, Qutscloud | 7.2 | ||
| 2022-01-07 | CVE-2021-38674 | A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later | Qts, Quts_hero, Qutscloud | 6.1 | ||
| 2022-05-05 | CVE-2021-44051 | A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later | Qts, Quts_hero, Qutscloud | 8.8 | ||
| 2022-05-05 | CVE-2021-38693 | A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS... | Qts, Quts_hero, Qutscloud | 5.3 | ||
| 2022-05-05 | CVE-2021-44052 | An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310... | Qts, Quts_hero, Qutscloud | 8.1 | ||
| 2022-05-05 | CVE-2021-44053 | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud... | Qts, Quts_hero, Qutscloud | 6.1 | ||
| 2022-05-05 | CVE-2021-44054 | An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS... | Qts, Quts_hero, Qutscloud | 6.1 | ||
| 2023-01-30 | CVE-2022-27596 | A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later | Qts, Quts_hero | 9.8 | ||
| 2023-03-29 | CVE-2023-23355 | An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud... | Qts, Quts_hero, Qutscloud, Qvp\-21a_firmware, Qvp\-41a_firmware, Qvp\-41b_firmware, Qvp\-63a_firmware, Qvp\-63b_firmware, Qvp\-85a_firmware, Qvp\-85b_firmware, Qvr | 7.2 | ||
| 2023-03-29 | CVE-2022-27597 | A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later | Qts, Quts_hero, Qutscloud, Qvp\-21a_firmware, Qvp\-41a_firmware, Qvp\-41b_firmware, Qvp\-63a_firmware, Qvp\-63b_firmware, Qvp\-85a_firmware, Qvp\-85b_firmware, Qvr | 2.7 |