Qnap
Monthly
Format string vulnerability in QNAP Qsync Central that allows authenticated remote attackers to read sensitive data or modify memory without user interaction. The vulnerability affects all versions prior to Qsync Central 4.5.0.6 (released March 20, 2025), with a CVSS score of 8.1 indicating high severity. While no public exploit or KEV status is currently documented, the low attack complexity and requirement for only low-privilege user access make this a significant risk for organizations running vulnerable versions.
Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remote attackers to execute arbitrary commands with high severity (CVSS 8.8). The vulnerability requires valid user credentials but no user interaction, making it exploitable by compromised accounts or insider threats. QNAP has released patches as of March 21, 2025, and exploitation details are limited in public disclosures at this time.
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
A double free vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
Format string vulnerability in QNAP Qsync Central that allows authenticated remote attackers to read sensitive data or modify memory without user interaction. The vulnerability affects all versions prior to Qsync Central 4.5.0.6 (released March 20, 2025), with a CVSS score of 8.1 indicating high severity. While no public exploit or KEV status is currently documented, the low attack complexity and requirement for only low-privilege user access make this a significant risk for organizations running vulnerable versions.
Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remote attackers to execute arbitrary commands with high severity (CVSS 8.8). The vulnerability requires valid user credentials but no user interaction, making it exploitable by compromised accounts or insider threats. QNAP has released patches as of March 21, 2025, and exploitation details are limited in public disclosures at this time.
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
A double free vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.