Refine your search
9 vulnerabilities found for QVR by Qnap
CERTFR-2024-AVI-0752
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | QuTS hero | QuTS hero versions h4.5.x antérieures à h4.5.4.2790 build 20240606 | ||
| Qnap | QTS | QTS versions 4.3.4 antérieures à 4.3.4.2814 build 20240618 | ||
| Qnap | Download Station | Download Station versions 5.8.x antérieures à 5.8.6.283 | ||
| Qnap | QTS | QTS versions 4.3.3 antérieures à 4.3.3.2784 build 20240619 | ||
| Qnap | QuMagie | QuMagie versions 2.3.x antérieures à 2.3.1 | ||
| Qnap | QTS | QTS versions 4.2.6 antérieures à 4.2.6 build 20240618 | ||
| Qnap | QTS | QTS versions 4.3.6 antérieures à 4.3.6.2805 build 20240619 | ||
| Qnap | Helpdesk | Helpdesk versions 3.3.x antérieures à 3.3.1 | ||
| Qnap | Notes Station | Notes Station 3 versions 3.9.x antérieures à 3.9.6 | ||
| Qnap | QTS | QTS versions 5.1.x antérieures à 5.2.0.2782 build 20240601 | ||
| Qnap | QuTS hero | QuTS hero versions h4.5.x antérieures à h4.5.4.2626 build 20231225 | ||
| Qnap | QuTS hero | QuTS hero versions h5.1.x antérieures à h5.2.0.2782 build 20240601 | ||
| Qnap | Music Station | Music Station versions 5.4.x antérieures à 5.4.0 | ||
| Qnap | Video Station | Video Station versions 5.8.x antérieures à 5.8.2 | ||
| Qnap | QTS | QTS versions 4.5.x antérieures à 4.5.4.2790 build 20240605 | ||
| Qnap | QuLog Center | QuLog Center versions 1.7.x.x antérieures à 1.7.0.827 | ||
| Qnap | QuLog Center | QuLog Center versions 1.8.x.x antérieures à 1.8.0.872 | ||
| Qnap | QVR | QVR Smart Client versions 2.4.x.x antérieures à 2.4.0.0570 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2790 build 20240606",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 4.3.4 ant\u00e9rieures \u00e0 4.3.4.2814 build 20240618",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Download Station versions 5.8.x ant\u00e9rieures \u00e0 5.8.6.283",
"product": {
"name": "Download Station",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 4.3.3 ant\u00e9rieures \u00e0 4.3.3.2784 build 20240619",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuMagie versions 2.3.x ant\u00e9rieures \u00e0 2.3.1",
"product": {
"name": "QuMagie",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 4.2.6 ant\u00e9rieures \u00e0 4.2.6 build 20240618",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 4.3.6 ant\u00e9rieures \u00e0 4.3.6.2805 build 20240619",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Helpdesk versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
"product": {
"name": "Helpdesk",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Notes Station 3 versions 3.9.x ant\u00e9rieures \u00e0 3.9.6",
"product": {
"name": "Notes Station",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.2.0.2782 build 20240601",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2626 build 20231225",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.2.0.2782 build 20240601",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Music Station versions 5.4.x ant\u00e9rieures \u00e0 5.4.0",
"product": {
"name": "Music Station",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Video Station versions 5.8.x ant\u00e9rieures \u00e0 5.8.2",
"product": {
"name": "Video Station",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2790 build 20240605",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuLog Center versions 1.7.x.x ant\u00e9rieures \u00e0 1.7.0.827",
"product": {
"name": "QuLog Center",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuLog Center versions 1.8.x.x ant\u00e9rieures \u00e0 1.8.0.872",
"product": {
"name": "QuLog Center",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QVR Smart Client versions 2.4.x.x ant\u00e9rieures \u00e0 2.4.0.0570",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-27592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27592"
},
{
"name": "CVE-2023-50360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50360"
},
{
"name": "CVE-2024-32762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32762"
},
{
"name": "CVE-2024-21906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21906"
},
{
"name": "CVE-2024-38640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38640"
},
{
"name": "CVE-2024-53691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53691"
},
{
"name": "CVE-2023-34974",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34974"
},
{
"name": "CVE-2024-27125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27125"
},
{
"name": "CVE-2024-32763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32763"
},
{
"name": "CVE-2024-27126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27126"
},
{
"name": "CVE-2023-47563",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47563"
},
{
"name": "CVE-2024-38641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38641"
},
{
"name": "CVE-2024-38642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38642"
},
{
"name": "CVE-2023-34979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34979"
},
{
"name": "CVE-2023-39298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39298"
},
{
"name": "CVE-2023-39300",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39300"
},
{
"name": "CVE-2023-45038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45038"
},
{
"name": "CVE-2024-32771",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32771"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2024-27122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27122"
}
],
"initial_release_date": "2024-09-09T00:00:00",
"last_revision_date": "2025-01-21T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0752",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-09T00:00:00.000000"
},
{
"description": "Ajout de l\u0027identifiant CVE-2024-53691.",
"revision_date": "2025-01-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-24",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-24"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-26",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-26"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-34",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-34"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-30",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-30"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-21",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-21"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-27",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-27"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-29",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-29"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-28",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-28"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-32",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-32"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-25",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-25"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-33",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-33"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-22",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-22"
},
{
"published_at": "2024-09-07",
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-35",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-35"
}
]
}
CERTFR-2023-AVI-1011
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | QuTS hero | Qnap QuTS hero h5.0.x versions antérieures à h5.0.1.2515 build 20230907 | ||
| Qnap | QTS | Qnap QTS 5.0.x versions antérieures à 5.0.1.2514 build 20230906 | ||
| Qnap | QTS | Qnap QTS 4.5.x versions antérieures à 4.5.4.2467 build 20230718 | ||
| Qnap | QTS | Qnap QTS 5.1.x versions antérieures à 5.1.3.2578 build 20231110 | ||
| Qnap | QVR | Qnap QVR Firmware 4.x versions antérieures à 5.x | ||
| Qnap | QuTS hero | Qnap QuTS hero h5.1.x versions antérieures à h5.1.3.2578 build 20231110 | ||
| Qnap | QuTS hero | Qnap QuTS hero h4.5.x versions antérieures à h4.5.4.2476 build 20230728 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Qnap QuTS hero h5.0.x versions ant\u00e9rieures \u00e0 h5.0.1.2515 build 20230907",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QTS 5.0.x versions ant\u00e9rieures \u00e0 5.0.1.2514 build 20230906",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QTS 4.5.x versions ant\u00e9rieures \u00e0 4.5.4.2467 build 20230718",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QTS 5.1.x versions ant\u00e9rieures \u00e0 5.1.3.2578 build 20231110",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QVR Firmware 4.x versions ant\u00e9rieures \u00e0 5.x",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 h5.1.3.2578 build 20231110",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QuTS hero h4.5.x versions ant\u00e9rieures \u00e0 h4.5.4.2476 build 20230728",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2023-42670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42670"
},
{
"name": "CVE-2023-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4154"
},
{
"name": "CVE-2023-23372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23372"
},
{
"name": "CVE-2023-3961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3961"
},
{
"name": "CVE-2023-32975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32975"
},
{
"name": "CVE-2023-32968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32968"
},
{
"name": "CVE-2023-47565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47565"
}
],
"initial_release_date": "2023-12-11T00:00:00",
"last_revision_date": "2023-12-11T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1011",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-07 du 09 d\u00e9cembre 2023",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-40 du 09 d\u00e9cembre 2023",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-40"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-48 du 09 d\u00e9cembre 2023",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-48"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-20 du 09 d\u00e9cembre 2023",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-20"
}
]
}
CERTFR-2023-AVI-0721
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS), une atteinte à la confidentialité des données et une exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | QuLog Center | QuLog Center pour QuTscloud c5.0.1 versions 1.4.x antérieures à 1.4.1.691 | ||
| Qnap | N/A | QuFirewall versions 2.3.x antérieures à 2.3.3 | ||
| Qnap | N/A | QuLog Center pour QTS 4.5.4 versions 1.3.x antérieures à 1.3.1.645 | ||
| Qnap | QVR | QVR Pro Client versions 2.3.x antérieures à 2.3.0.0420 | ||
| Qnap | N/A | QuLog Center pour QTS 5.0.1 versions 1.5.x antérieures à 1.5.0.738 | ||
| Qnap | N/A | QuLog Center pour QuTS hero h4.5.4 versions 1.3.x antérieures à 1.3.1.645 | ||
| Qnap | N/A | QuLog Center pour QuTS hero h5.0.1 versions 1.5.x antérieures à 1.5.0.738 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QuLog Center pour QuTscloud c5.0.1 versions 1.4.x ant\u00e9rieures \u00e0 1.4.1.691",
"product": {
"name": "QuLog Center",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuFirewall versions 2.3.x ant\u00e9rieures \u00e0 2.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuLog Center pour QTS 4.5.4 versions 1.3.x ant\u00e9rieures \u00e0 1.3.1.645",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QVR Pro Client versions 2.3.x ant\u00e9rieures \u00e0 2.3.0.0420",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuLog Center pour QTS 5.0.1 versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.738",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuLog Center pour QuTS hero h4.5.4 versions 1.3.x ant\u00e9rieures \u00e0 1.3.1.645",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuLog Center pour QuTS hero h5.0.1 versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.738",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-23356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23356"
},
{
"name": "CVE-2023-23354",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23354"
},
{
"name": "CVE-2023-23357",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23357"
},
{
"name": "CVE-2022-27599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27599"
}
],
"initial_release_date": "2023-09-08T00:00:00",
"last_revision_date": "2023-09-08T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0721",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS), une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\nex\u00e9cution de code arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-13 du 08 septembre 2023",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-13"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-08 du 08 septembre 2023",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-08"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-14 du 08 septembre 2023",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-14"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-16 du 08 septembre 2023",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-16"
}
]
}
CERTFR-2023-AVI-0602
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer un déni de service à distance et une exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | QVR | QVR Pro Appliance versions antérieures à 2.3.1.0476 | ||
| Qnap | QTS | QTS versions antérieures à 4.5.4.2280 build 20230112 | ||
| Qnap | QuTS hero | QuTS hero versions antérieures à h4.5.4.2374 build 20230417 | ||
| Qnap | N/A | QVPN Device Client pour Windows versions antérieures à 2.0.0.1316 | ||
| Qnap | N/A | QuTScloud versions antérieures à c5.0.1.2374 build 20230419 | ||
| Qnap | QTS | QTS versions antérieures à 5.0.1.2277 build 20230112 | ||
| Qnap | QuTS hero | QuTS hero versions antérieures à h5.0.1.2277 build 20230112 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QVR Pro Appliance versions ant\u00e9rieures \u00e0 2.3.1.0476",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions ant\u00e9rieures \u00e0 4.5.4.2280 build 20230112",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions ant\u00e9rieures \u00e0 h4.5.4.2374 build 20230417",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QVPN Device Client pour Windows versions ant\u00e9rieures \u00e0 2.0.0.1316",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTScloud versions ant\u00e9rieures \u00e0 c5.0.1.2374 build 20230419",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions ant\u00e9rieures \u00e0 5.0.1.2277 build 20230112",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions ant\u00e9rieures \u00e0 h5.0.1.2277 build 20230112",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-27600",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27600"
},
{
"name": "CVE-2022-27595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27595"
}
],
"initial_release_date": "2023-07-28T00:00:00",
"last_revision_date": "2023-07-28T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0602",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance et une ex\u00e9cution de code\narbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-04 du 28 juillet 2023",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-09 du 28 juillet 2023",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-09"
}
]
}
CERTFR-2022-AVI-421
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | N/A | Qnap Photo Station versions antérieures à 6.0.20 (2022/02/15) | ||
| Qnap | N/A | Qnap Photo Station versions antérieures à 5.4.13 (2022/02/11) | ||
| Qnap | N/A | Qnap Photo Station versions antérieures à 5.7.16 (2022/02/11) | ||
| Qnap | Video Station | Qnap Video Station versions antérieures à 5.3.13 | ||
| Qnap | QTS | Qnap QTS versions antérieures à 4.5.4.1991 build 20220329 | ||
| Qnap | QTS | Qnap QTS versions antérieures à 4.3.4.1976 build 20220303 | ||
| Qnap | N/A | Qnap QuTScloud versions antérieures à c5.0.1.1998 | ||
| Qnap | QTS | Qnap QTS versions antérieures à 4.2.6 build 20220304 | ||
| Qnap | QTS | Qnap QTS versions antérieures à 4.3.3.1945 build 20220303 | ||
| Qnap | QTS | Qnap QTS versions antérieures à 5.0.0.1986 build 20220324 | ||
| Qnap | Video Station | Qnap Video Station versions antérieures à 5.5.9 | ||
| Qnap | QTS | Qnap QTS versions antérieures à 4.3.6.1965 build 20220302 | ||
| Qnap | QVR | Qnap QVR versions antérieures à 5.1.6 build 20220401 | ||
| Qnap | Video Station | Qnap Video Station versions antérieures à 5.1.8 | ||
| Qnap | QuTS hero | Qnap QuTS hero versions antérieures à h5.0.0.1986 build 20220324 | ||
| Qnap | QuTS hero | Qnap QuTS hero versions antérieures à h4.5.4.1971 build 20220310 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Qnap Photo Station versions ant\u00e9rieures \u00e0 6.0.20 (2022/02/15)",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap Photo Station versions ant\u00e9rieures \u00e0 5.4.13 (2022/02/11)",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap Photo Station versions ant\u00e9rieures \u00e0 5.7.16 (2022/02/11)",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap Video Station versions ant\u00e9rieures \u00e0 5.3.13",
"product": {
"name": "Video Station",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QTS versions ant\u00e9rieures \u00e0 4.5.4.1991 build 20220329",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QTS versions ant\u00e9rieures \u00e0 4.3.4.1976 build 20220303",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QuTScloud versions ant\u00e9rieures \u00e0 c5.0.1.1998",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QTS versions ant\u00e9rieures \u00e0 4.2.6 build 20220304",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QTS versions ant\u00e9rieures \u00e0 4.3.3.1945 build 20220303",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QTS versions ant\u00e9rieures \u00e0 5.0.0.1986 build 20220324",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap Video Station versions ant\u00e9rieures \u00e0 5.5.9",
"product": {
"name": "Video Station",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QTS versions ant\u00e9rieures \u00e0 4.3.6.1965 build 20220302",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QVR versions ant\u00e9rieures \u00e0 5.1.6 build 20220401",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap Video Station versions ant\u00e9rieures \u00e0 5.1.8",
"product": {
"name": "Video Station",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QuTS hero versions ant\u00e9rieures \u00e0 h5.0.0.1986 build 20220324",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Qnap QuTS hero versions ant\u00e9rieures \u00e0 h4.5.4.1971 build 20220310",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-44056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44056"
},
{
"name": "CVE-2022-44057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44057"
},
{
"name": "CVE-2022-44053",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44053"
},
{
"name": "CVE-2022-44052",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44052"
},
{
"name": "CVE-2022-44054",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44054"
},
{
"name": "CVE-2022-27588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27588"
},
{
"name": "CVE-2022-44055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44055"
},
{
"name": "CVE-2022-38693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38693"
},
{
"name": "CVE-2022-44051",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44051"
}
],
"initial_release_date": "2022-05-06T00:00:00",
"last_revision_date": "2022-05-06T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-421",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-22-13 du 6 mai 2022",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-22-13"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-22-14 du 6 mai 2022",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-22-14"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-22-07 du 6 mai 2022",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-22-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-22-15 du 6 mai 2022",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-22-15"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-22-16 du 6 mai 2022",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-22-16"
}
]
}
CERTFR-2022-AVI-033
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits QNAP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | QTS | QTS 4.5.x versions antérieures à 4.5.4.1892 build 20211223 | ||
| Qnap | N/A | QcalAgent versions antérieures à 1.1.7 | ||
| Qnap | QVR | QVR Pro versions antérieures à 2.1.3.0 du 06/12/2021 | ||
| Qnap | QTS | QTS 5.0.x versions antérieures à 5.0.0.1891 build 20211221 | ||
| Qnap | QVR | QVR Guard versions antérieures à 2.1.3.0 du 06/12/2021 | ||
| Qnap | QuTS hero | QuTS hero versions antérieures à h5.0.0.1892 build 20211222 | ||
| Qnap | QVR | QVR Elite versions antérieures à 2.1.4.0 du 06/12/2021 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QTS 4.5.x versions ant\u00e9rieures \u00e0 4.5.4.1892 build 20211223",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QcalAgent versions ant\u00e9rieures \u00e0 1.1.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QVR Pro versions ant\u00e9rieures \u00e0 2.1.3.0 du 06/12/2021",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS 5.0.x versions ant\u00e9rieures \u00e0 5.0.0.1891 build 20211221",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QVR Guard versions ant\u00e9rieures \u00e0 2.1.3.0 du 06/12/2021",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions ant\u00e9rieures \u00e0 h5.0.0.1892 build 20211222",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QVR Elite versions ant\u00e9rieures \u00e0 2.1.4.0 du 06/12/2021",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-38690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38690"
},
{
"name": "CVE-2021-38677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38677"
},
{
"name": "CVE-2021-38691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38691"
},
{
"name": "CVE-2021-38678",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38678"
},
{
"name": "CVE-2021-38692",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38692"
},
{
"name": "CVE-2021-38689",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38689"
},
{
"name": "CVE-2021-38682",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38682"
}
],
"initial_release_date": "2022-01-13T00:00:00",
"last_revision_date": "2022-01-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-033",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits QNAP.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits QNAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 QNAP qsa-21-57 du 13 janvier 2022",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-57"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 QNAP qsa-21-60 du 13 janvier 2022",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-60"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 QNAP qsa-21-59 du 13 janvier 2022",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-59"
}
]
}
CERTFR-2021-AVI-906
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Qnap QVR. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QVR versions ant\u00e9rieures \u00e0 5.1.6 build 20211109",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-38685",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38685"
},
{
"name": "CVE-2021-38686",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38686"
}
],
"initial_release_date": "2021-11-29T00:00:00",
"last_revision_date": "2021-11-29T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-906",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Qnap QVR. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Qnap QVR",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-21-52 du 26 novembre 2021",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-52"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-21-51 du 26 novembre 2021",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-51"
}
]
}
CERTFR-2021-AVI-746
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits QNAP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | QVR | QVR versions antérieures à 5.1.5 build 20210902 | ||
| Qnap | N/A | Photo Station versions 5.4.x antérieures à 5.4.10 | ||
| Qnap | N/A | Image2PDF versions antérieures à 2.1.5 | ||
| Qnap | N/A | Photo Station versions 6.0.x antérieures à 6.0.18 | ||
| Qnap | N/A | Photo Station versions 5.7.x antérieures à 5.7.13 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QVR versions ant\u00e9rieures \u00e0 5.1.5 build 20210902",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Photo Station versions 5.4.x ant\u00e9rieures \u00e0 5.4.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Image2PDF versions ant\u00e9rieures \u00e0 2.1.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Photo Station versions 6.0.x ant\u00e9rieures \u00e0 6.0.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Photo Station versions 5.7.x ant\u00e9rieures \u00e0 5.7.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-34354",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34354"
},
{
"name": "CVE-2021-34355",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34355"
},
{
"name": "CVE-2021-34352",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34352"
},
{
"name": "CVE-2021-38675",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38675"
},
{
"name": "CVE-2021-34356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34356"
}
],
"initial_release_date": "2021-10-01T00:00:00",
"last_revision_date": "2021-10-01T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-746",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits QNAP.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits QNAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-41 du 1 octobre 2021",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-41"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-43 du 1 octobre 2021",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-43"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-38 du 1 octobre 2021",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-38"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-42 du 1 octobre 2021",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-42"
}
]
}
CERTFR-2021-AVI-738
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans QNAP QVR. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QVR versions ant\u00e9rieures \u00e0 5.1.5 build 20210803",
"product": {
"name": "QVR",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34351"
},
{
"name": "CVE-2021-34348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34348"
},
{
"name": "CVE-2021-34349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34349"
}
],
"initial_release_date": "2021-09-27T00:00:00",
"last_revision_date": "2021-09-27T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-738",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans QNAP QVR. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans QNAP QVR",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-35 du 27 septembre 2021",
"url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-35"
}
]
}