QNAP QTS: CVE-2024-21902: Multiple Vulnerabilities in QTS and QuTS hero

Multiple vulnerabilities have been reported to affect certain QNAP operating system versions: CVE-2024-21902: If exploited, the incorrect permission assignment for critical resources vulnerability could allow remote attackers who have gained user access to read or modify critical resources. CVE-2024-27127: If exploited, the double free vulnerability could allow remote attackers who have gained user access to execute arbitrary code. CVE-2024-27128, CVE-2024-27129, CVE-2024-27130: If exploited, the buffer copy without checking size of input vulnerabilities could allow remote attackers who have gained user access to execute arbitrary code. CVE-2024-21904: If exploited, the path traversal vulnerability could allow remote users to read the contents of unexpected files and expose sensitive data. We have already fixed these vulnerabilities in the following versions: