Show filters
203 Total Results
Displaying 51-60 of 203
Sort by:
Attacker Value
Unknown
CVE-2023-50366
Disclosure Date: September 06, 2024 (last updated September 12, 2024)
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
0
Attacker Value
Unknown
CVE-2023-39298
Disclosure Date: September 06, 2024 (last updated September 21, 2024)
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.
QuTScloud, is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2737 build 20240417 and later
QuTS hero h5.2.0.2782 build 20240601 and later
0
Attacker Value
Unknown
CVE-2023-34979
Disclosure Date: September 06, 2024 (last updated September 18, 2024)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2790 build 20240606 and later
0
Attacker Value
Unknown
CVE-2023-34974
Disclosure Date: September 06, 2024 (last updated September 14, 2024)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
QuTScloud, QVR, QES are not affected.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2626 build 20231225 and later
0
Attacker Value
Unknown
CVE-2024-32765
Disclosure Date: August 12, 2024 (last updated August 13, 2024)
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
0
Attacker Value
Unknown
CVE-2024-5925
Disclosure Date: June 28, 2024 (last updated January 05, 2025)
The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
Attacker Value
Unknown
CVE-2024-27130
Disclosure Date: May 21, 2024 (last updated September 12, 2024)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
0
Attacker Value
Unknown
CVE-2024-27129
Disclosure Date: May 21, 2024 (last updated September 12, 2024)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
0
Attacker Value
Unknown
CVE-2024-27128
Disclosure Date: May 21, 2024 (last updated September 12, 2024)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
0
Attacker Value
Unknown
CVE-2024-27127
Disclosure Date: May 21, 2024 (last updated September 12, 2024)
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
0