CVE-2023-39301

CVE-2023-39301

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.1.2491 build 20230815 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.1.2488 build 20230812 and later
QuTScloud c5.1.0.2498 and later

Source: CVE-2023-39301

CVE-2023-23368

CVE-2023-23368

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later

Source: CVE-2023-23368

CVE-2023-39299

CVE-2023-39299

A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.

We have already fixed the vulnerability in the following versions:
Music Station 4.8.11 and later
Music Station 5.1.16 and later
Music Station 5.3.23 and later

Source: CVE-2023-39299