All the vulnerabilites related to QNAP Systems - QNAP QTS
jvndb-2016-000119
Vulnerability from jvndb
Published
2016-06-27 13:48
Modified
2016-08-03 14:55
Severity ?
Summary
QNAP QTS vulnerable to cross-site scripting
Details
QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a cross-site scripting vulnerability (CWE-79).
Keigo YAMAZAKI of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
QNAP Systems | QNAP QTS |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000119.html", "dc:date": "2016-08-03T14:55+09:00", "dcterms:issued": "2016-06-27T13:48+09:00", "dcterms:modified": "2016-08-03T14:55+09:00", "description": "QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nKeigo YAMAZAKI of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000119.html", "sec:cpe": { "#text": "cpe:/o:qnap:qts", "@product": "QNAP QTS", "@vendor": "QNAP Systems", "@version": "2.2" }, "sec:cvss": [ { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2016-000119", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN42930233/index.html", "@id": "JVN#42930233", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5664", "@id": "CVE-2015-5664", "@source": "CVE" }, { "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5664", "@id": "CVE-2015-5664", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "QNAP QTS vulnerable to cross-site scripting" }
jvndb-2014-000126
Vulnerability from jvndb
Published
2014-10-28 14:39
Modified
2015-12-25 13:47
Summary
QNAP QTS vulnerable to OS command injection
Details
QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability (CWE-78).
Yuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
QNAP Systems | QNAP QTS |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000126.html", "dc:date": "2015-12-25T13:47+09:00", "dcterms:issued": "2014-10-28T14:39+09:00", "dcterms:modified": "2015-12-25T13:47+09:00", "description": "QNAP QTS is an operating system for Turbo NAS. QNAP QTS contains a flaw in the GNU Bash shell, which may result in an OS command injection vulnerability (CWE-78).\r\n\r\nYuuki Wakisaka of University of Electro-Communications reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000126.html", "sec:cpe": { "#text": "cpe:/o:qnap:qts", "@product": "QNAP QTS", "@vendor": "QNAP Systems", "@version": "2.2" }, "sec:cvss": { "@score": "10.0", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000126", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN55667175/index.html", "@id": "JVN#55667175", "@source": "JVN" }, { "#text": "https://jvn.jp/vu/JVNVU97219505/index.html", "@id": "JVNVU#97219505", "@source": "JVN" }, { "#text": "http://jvn.jp/vu/JVNVU97220341/index.html", "@id": "JVNVU#97220341", "@source": "JVN" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004399.html", "@id": "JVNDB-2014-004399", "@source": "JVN iPedia" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004410.html", "@id": "JVNDB-2014-004410", "@source": "JVN iPedia" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004431.html", "@id": "JVNDB-2014-004431", "@source": "JVN iPedia" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004476.html", "@id": "JVNDB-2014-004476", "@source": "JVN iPedia" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004432.html", "@id": "JVNDB-2014-004432", "@source": "JVN iPedia" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004433.html", "@id": "JVNDB-2014-004433", "@source": "JVN iPedia" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169", "@id": "CVE-2014-7169", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271", "@id": "CVE-2014-6271", "@source": "CVE" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277", "@id": "CVE-2014-6277", "@source": "CVE" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278", "@id": "CVE-2014-6278", "@source": "CVE" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186", "@id": "CVE-2014-7186", "@source": "CVE" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187", "@id": "CVE-2014-7187", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169", "@id": "CVE-2014-7169", "@source": "NVD" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271", "@id": "CVE-2014-6271", "@source": "NVD" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6277", "@id": "CVE-2014-6277", "@source": "NVD" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278", "@id": "CVE-2014-6278", "@source": "NVD" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7186", "@id": "CVE-2014-7186", "@source": "NVD" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7187", "@id": "CVE-2014-7187", "@source": "NVD" }, { "#text": "http://www.kb.cert.org/vuls/id/252743", "@id": "VU#252743", "@source": "CERT-VN" }, { "#text": "https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01", "@id": "ICSA-15-344-01", "@source": "ICS-CERT ADVISORY" }, { "#text": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-269-01a", "@id": "ICSA-14-269-01A", "@source": "ICS-CERT ADVISORY" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" } ], "title": "QNAP QTS vulnerable to OS command injection" }