QNAP Security Vulnerabilities
A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions:Notes Station 3 3.9.6 and later
6.3CVSS
5.9AI Score
0.0004EPSS
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version:QTS 5.1.7.2770 build 20240520 and...
8.8CVSS
7.5AI Score
0.001EPSS
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version:QTS 5.1.7.27...
8.8CVSS
7.1AI Score
0.0005EPSS
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version:QTS 5.1.7.27...
8.8CVSS
7.1AI Score
0.0005EPSS
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version:QTS 5.1.7.2770 build 20240...
8.8CVSS
7AI Score
0.0005EPSS
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions:QuLog Center 1.8.0.872 ( 2024/06/17 ) and laterQuLog Cente...
8.2CVSS
7.3AI Score
0.0005EPSS
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions:QTS 5.1.8.2...
8.8CVSS
6.9AI Score
0.001EPSS
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspeci...
2.6CVSS
4AI Score
0.0004EPSS
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version:Download Station 5.8.6.283 ( 2024/06/21 )...
5.4CVSS
5.4AI Score
0.0004EPSS
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions:QTS 5.1.8.2823 bui...
7.8CVSS
7.3AI Score
0.0004EPSS
An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version:QuMagie 2.3.1 and ...
7.8CVSS
6.5AI Score
0.0004EPSS