admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-12-10 04:01:54 +00:00
parent 836f9491f5
commit 55ec782289
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 266 additions and 369 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
2019/7xxx/CVE-2019-7198.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
@ -17,14 +18,10 @@
"version": {
"version_data": [
{
"platform": "build 20201015",
"version_affected": "<",
"version_value": "4.5.1.1456"
"version_value": "< 4.5.1.1456"
},
{
"platform": "build 20200702",
"version_affected": "<",
"version_value": "4.4.3.1354"
"version_value": "< 4.4.3.1354"
}
]
}
@ -34,16 +31,13 @@
"version": {
"version_data": [
{
"platform": "build 20201031",
"version_affected": "<",
"version_value": "h4.5.1.1472"
"version_value": "< h4.5.1.1472"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
}
]
}
@ -61,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. \nQNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.\n\nQuTS hero h4.5.1.1472 build 20201031 and later\nQTS 4.5.1.1456 build 20201015 and later\nQTS 4.4.3.1354 build 20200702 and later\n"
"value": "This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later"
}
]
},
@ -92,6 +86,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.qnap.com/en/security-advisory/qsa-20-16",
"url": "https://www.qnap.com/en/security-advisory/qsa-20-16"
}
]

416
2020/12xxx/CVE-2020-12516.json
View File

@ -1,231 +1,201 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2020-12516",
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-12-09T09:00:00.000Z",
"TITLE": "WAGO: PLC families 750-88x and 750-352 prone to DoS attack",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"VDE-2020-042"
],
"advisory": "VDE-2020-042",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WAGO",
"product": {
"product_data": [
{
"product_name": "750-331/xxx-xxx",
"version": {
"version_data": [
{
"version_name": "FW1",
"version_affected": "<=",
"version_value": "FW10",
"platform": ""
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2020-12516",
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-12-09T09:00:00.000Z",
"TITLE": "WAGO: PLC families 750-88x and 750-352 prone to DoS attack",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"VDE-2020-042"
],
"advisory": "VDE-2020-042",
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WAGO",
"product": {
"product_data": [
{
"product_name": "750-331/xxx-xxx",
"version": {
"version_data": [
{
"version_value": "FW1<=FW10"
}
]
}
},
{
"product_name": "750-352",
"version": {
"version_data": [
{
"version_value": "FW1<=FW10"
}
]
}
},
{
"product_name": "750-829",
"version": {
"version_data": [
{
"version_value": "FW1<=FW10"
}
]
}
},
{
"product_name": "750-831/xxx-xxx",
"version": {
"version_data": [
{
"version_value": "FW1<=FW10"
}
]
}
},
{
"product_name": "750-852",
"version": {
"version_data": [
{
"version_value": "FW1<=FW10"
}
]
}
},
{
"product_name": "750-880/xxx-xxx",
"version": {
"version_data": [
{
"version_value": "FW1<=FW10"
}
]
}
},
{
"product_name": "750-881",
"version": {
"version_data": [
{
"version_value": "FW1<=FW10"
}
]
}
},
{
"product_name": "750-882",
"version": {
"version_data": [
{
"version_value": "FW1<=FW10"
}
]
}
},
{
"product_name": "750-885",
"version": {
"version_data": [
{
"version_value": "FW1<=FW10"
}
]
}
},
{
"product_name": "750-889",
"version": {
"version_data": [
{
"version_value": "FW1<=FW10"
}
]
}
}
]
}
]
}
},
{
"product_name": "750-352",
"version": {
"version_data": [
{
"version_name": "FW1",
"version_affected": "<=",
"version_value": "FW10",
"platform": ""
}
]
}
},
{
"product_name": "750-829",
"version": {
"version_data": [
{
"version_name": "FW1",
"version_affected": "<=",
"version_value": "FW10",
"platform": ""
}
]
}
},
{
"product_name": "750-831/xxx-xxx",
"version": {
"version_data": [
{
"version_name": "FW1",
"version_affected": "<=",
"version_value": "FW10",
"platform": ""
}
]
}
},
{
"product_name": "750-852",
"version": {
"version_data": [
{
"version_name": "FW1",
"version_affected": "<=",
"version_value": "FW10",
"platform": ""
}
]
}
},
{
"product_name": "750-880/xxx-xxx",
"version": {
"version_data": [
{
"version_name": "FW1",
"version_affected": "<=",
"version_value": "FW10",
"platform": ""
}
]
}
},
{
"product_name": "750-881",
"version": {
"version_data": [
{
"version_name": "FW1",
"version_affected": "<=",
"version_value": "FW10",
"platform": ""
}
]
}
},
{
"product_name": "750-882",
"version": {
"version_data": [
{
"version_name": "FW1",
"version_affected": "<=",
"version_value": "FW10",
"platform": ""
}
]
}
},
{
"product_name": "750-885",
"version": {
"version_data": [
{
"version_name": "FW1",
"version_affected": "<=",
"version_value": "FW10",
"platform": ""
}
]
}
},
{
"product_name": "750-889",
"version": {
"version_data": [
{
"version_name": "FW1",
"version_affected": "<=",
"version_value": "FW10",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-042",
"name": "https://cert.vde.com/en-us/advisories/vde-2020-042"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
},
"exploit": [],
"work_around": [
{
"lang": "eng",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet\nDisable unused TCP/UDP-ports"
}
],
"solution": [
{
"lang": "eng",
"value": "Update the device to the latest FW version."
}
],
"credit": [
{
"lang": "eng",
"value": " These vulnerabilities were reported to WAGO by: William Knowles, Applied Risk. Coordination done by CERT@VDE."
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-042",
"name": "https://cert.vde.com/en-us/advisories/vde-2020-042"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
},
"exploit": [],
"work_around": [
{
"lang": "eng",
"value": "Restrict network access to the device.\nDo not directly connect the device to the internet\nDisable unused TCP/UDP-ports"
}
],
"solution": [
{
"lang": "eng",
"value": "Update the device to the latest FW version."
}
],
"credit": [
{
"lang": "eng",
"value": " These vulnerabilities were reported to WAGO by: William Knowles, Applied Risk. Coordination done by CERT@VDE."
}
]
}

31
2020/2xxx/CVE-2020-2491.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
@ -17,41 +18,28 @@
"version": {
"version_data": [
{
"platform": "QTS 4.5.1",
"version_affected": "<",
"version_value": "6.0.12"
"version_value": "< 6.0.12"
},
{
"platform": "QTS 4.4.3",
"version_affected": "<",
"version_value": "6.0.12"
"version_value": "< 6.0.12"
},
{
"platform": "QTS 4.3.6",
"version_affected": "<",
"version_value": "5.7.12"
"version_value": "< 5.7.12"
},
{
"platform": "QTS 4.3.4",
"version_affected": "<",
"version_value": "5.7.13"
"version_value": "< 5.7.13"
},
{
"platform": "QTS 4.3.3",
"version_affected": "<",
"version_value": "5.4.10"
"version_value": "< 5.4.10"
},
{
"platform": "QTS 4.2.6",
"version_affected": "<",
"version_value": "5.2.11"
"version_value": "< 5.2.11"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
}
]
}
@ -69,7 +57,7 @@
"description_data": [
{
"lang": "eng",
"value": "This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. \nQANP We have already fixed this vulnerability in the following versions of Photo Station.\n\nQTS 4.5.1: Photo Station 6.0.12 and later\nQTS 4.4.3: Photo Station 6.0.12 and later\nQTS 4.3.6: Photo Station 5.7.12 and later\nQTS 4.3.4: Photo Station 5.7.13 and later\nQTS 4.3.3: Photo Station 5.4.10 and later\nQTS 4.2.6: Photo Station 5.2.11 and later"
"value": "This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QTS 4.5.1: Photo Station 6.0.12 and later QTS 4.4.3: Photo Station 6.0.12 and later QTS 4.3.6: Photo Station 5.7.12 and later QTS 4.3.4: Photo Station 5.7.13 and later QTS 4.3.3: Photo Station 5.4.10 and later QTS 4.2.6: Photo Station 5.2.11 and later"
}
]
},
@ -100,6 +88,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.qnap.com/en/security-advisory/qsa-20-15",
"url": "https://www.qnap.com/en/security-advisory/qsa-20-15"
}
]

10
2020/2xxx/CVE-2020-2493.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
@ -17,15 +18,13 @@
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.1.5"
"version_value": "< 1.1.5"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
}
]
}
@ -43,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code.\nQANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later."
"value": "This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later."
}
]
},
@ -74,6 +73,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.qnap.com/en/security-advisory/qsa-20-14",
"url": "https://www.qnap.com/en/security-advisory/qsa-20-14"
}
]

19
2020/2xxx/CVE-2020-2494.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
@ -17,26 +18,19 @@
"version": {
"version_data": [
{
"platform": "QuTS hero h4.5.1",
"version_affected": "<",
"version_value": "5.3.13"
"version_value": "< 5.3.13"
},
{
"platform": "QTS 4.5.1",
"version_affected": "<",
"version_value": "5.3.12"
"version_value": "< 5.3.12"
},
{
"platform": "QTS 4.4.3",
"version_affected": "<",
"version_value": "5.3.12"
"version_value": "< 5.3.12"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
}
]
}
@ -54,7 +48,7 @@
"description_data": [
{
"lang": "eng",
"value": "This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. \nQANP have already fixed this vulnerability in the following versions of Music Station.\n\nQuTS hero h4.5.1: Music Station 5.3.13 and later\nQTS 4.5.1: Music Station 5.3.12 and later\nQTS 4.4.3: Music Station 5.3.12 and later"
"value": "This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS hero h4.5.1: Music Station 5.3.13 and later QTS 4.5.1: Music Station 5.3.12 and later QTS 4.4.3: Music Station 5.3.12 and later"
}
]
},
@ -85,6 +79,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.qnap.com/en/security-advisory/qsa-20-13",
"url": "https://www.qnap.com/en/security-advisory/qsa-20-13"
}
]

35
2020/2xxx/CVE-2020-2495.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
@ -17,34 +18,22 @@
"version": {
"version_data": [
{
"platform": "build 20201015",
"version_affected": "<",
"version_value": "4.5.1.1456"
"version_value": "< 4.5.1.1456"
},
{
"platform": "build 20200702",
"version_affected": "<",
"version_value": "4.4.3.1354"
"version_value": "< 4.4.3.1354"
},
{
"platform": "build 20200608",
"version_affected": "<",
"version_value": "4.3.6.1333"
"version_value": "< 4.3.6.1333"
},
{
"platform": "build 20200703",
"version_affected": "<",
"version_value": "4.3.4.1368"
"version_value": "< 4.3.4.1368"
},
{
"platform": "build 20200611",
"version_affected": "<",
"version_value": "4.3.3.1315"
"version_value": "< 4.3.3.1315"
},
{
"platform": "build 20200611",
"version_affected": "<",
"version_value": "4.2.6"
"version_value": "< 4.2.6"
}
]
}
@ -54,16 +43,13 @@
"version": {
"version_data": [
{
"platform": "build 20201031",
"version_affected": "<",
"version_value": "h4.5.1.1472"
"version_value": "< h4.5.1.1472"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
}
]
}
@ -81,7 +67,7 @@
"description_data": [
{
"lang": "eng",
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.\nQANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero.\n\nQuTS hero h4.5.1.1472 build 20201031 and later\nQTS 4.5.1.1456 build 20201015 and later\nQTS 4.4.3.1354 build 20200702 and later\nQTS 4.3.6.1333 build 20200608 and later\nQTS 4.3.4.1368 build 20200703 and later\nQTS 4.3.3.1315 build 20200611 and later\nQTS 4.2.6 build 20200611 and later"
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later"
}
]
},
@ -112,6 +98,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.qnap.com/en/security-advisory/qsa-20-12",
"url": "https://www.qnap.com/en/security-advisory/qsa-20-12"
}
]

35
2020/2xxx/CVE-2020-2496.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
@ -17,34 +18,22 @@
"version": {
"version_data": [
{
"platform": "build 20201015",
"version_affected": "<",
"version_value": "4.5.1.1456"
"version_value": "< 4.5.1.1456"
},
{
"platform": "build 20200702",
"version_affected": "<",
"version_value": "4.4.3.1354"
"version_value": "< 4.4.3.1354"
},
{
"platform": "build 20200608",
"version_affected": "<",
"version_value": "4.3.6.1333"
"version_value": "< 4.3.6.1333"
},
{
"platform": "build 20200703",
"version_affected": "<",
"version_value": "4.3.4.1368"
"version_value": "< 4.3.4.1368"
},
{
"platform": "build 20200611",
"version_affected": "<",
"version_value": "4.3.3.1315"
"version_value": "< 4.3.3.1315"
},
{
"platform": "build 20200611",
"version_affected": "<",
"version_value": "4.2.6"
"version_value": "< 4.2.6"
}
]
}
@ -54,16 +43,13 @@
"version": {
"version_data": [
{
"platform": "build 20201031",
"version_affected": "<",
"version_value": "h4.5.1.1472"
"version_value": "< h4.5.1.1472"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
}
]
}
@ -81,7 +67,7 @@
"description_data": [
{
"lang": "eng",
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.\nQANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero.\n\nQuTS hero h4.5.1.1472 build 20201031 and later\nQTS 4.5.1.1456 build 20201015 and later\nQTS 4.4.3.1354 build 20200702 and later\nQTS 4.3.6.1333 build 20200608 and later\nQTS 4.3.4.1368 build 20200703 and later\nQTS 4.3.3.1315 build 20200611 and later\nQTS 4.2.6 build 20200611 and later"
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later"
}
]
},
@ -112,6 +98,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.qnap.com/en/security-advisory/qsa-20-12",
"url": "https://www.qnap.com/en/security-advisory/qsa-20-12"
}
]

35
2020/2xxx/CVE-2020-2497.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
@ -17,34 +18,22 @@
"version": {
"version_data": [
{
"platform": "build 20201015",
"version_affected": "<",
"version_value": "4.5.1.1456"
"version_value": "< 4.5.1.1456"
},
{
"platform": "build 20200702",
"version_affected": "<",
"version_value": "4.4.3.1354"
"version_value": "< 4.4.3.1354"
},
{
"platform": "build 20200608",
"version_affected": "<",
"version_value": "4.3.6.1333"
"version_value": "< 4.3.6.1333"
},
{
"platform": "build 20200703",
"version_affected": "<",
"version_value": "4.3.4.1368"
"version_value": "< 4.3.4.1368"
},
{
"platform": "build 20200611",
"version_affected": "<",
"version_value": "4.3.3.1315"
"version_value": "< 4.3.3.1315"
},
{
"platform": "build 20200611",
"version_affected": "<",
"version_value": "4.2.6"
"version_value": "< 4.2.6"
}
]
}
@ -54,16 +43,13 @@
"version": {
"version_data": [
{
"platform": "build 20201031",
"version_affected": "<",
"version_value": "h4.5.1.1472"
"version_value": "< h4.5.1.1472"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
}
]
}
@ -81,7 +67,7 @@
"description_data": [
{
"lang": "eng",
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs.\nQANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero.\n\nQuTS hero h4.5.1.1472 build 20201031 and later\nQTS 4.5.1.1456 build 20201015 and later\nQTS 4.4.3.1354 build 20200702 and later\nQTS 4.3.6.1333 build 20200608 and later\nQTS 4.3.4.1368 build 20200703 and later\nQTS 4.3.3.1315 build 20200611 and later\nQTS 4.2.6 build 20200611 and later"
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later"
}
]
},
@ -112,6 +98,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.qnap.com/en/security-advisory/qsa-20-12",
"url": "https://www.qnap.com/en/security-advisory/qsa-20-12"
}
]

35
2020/2xxx/CVE-2020-2498.json
View File

@ -10,6 +10,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
@ -17,34 +18,22 @@
"version": {
"version_data": [
{
"platform": "build 20201015",
"version_affected": "<",
"version_value": "4.5.1.1456"
"version_value": "< 4.5.1.1456"
},
{
"platform": "build 20200702",
"version_affected": "<",
"version_value": "4.4.3.1354"
"version_value": "< 4.4.3.1354"
},
{
"platform": "build 20200608",
"version_affected": "<",
"version_value": "4.3.6.1333"
"version_value": "< 4.3.6.1333"
},
{
"platform": "build 20200703",
"version_affected": "<",
"version_value": "4.3.4.1368"
"version_value": "< 4.3.4.1368"
},
{
"platform": "build 20200611",
"version_affected": "<",
"version_value": "4.3.3.1315"
"version_value": "< 4.3.3.1315"
},
{
"platform": "build 20200611",
"version_affected": "<",
"version_value": "4.2.6"
"version_value": "< 4.2.6"
}
]
}
@ -54,16 +43,13 @@
"version": {
"version_data": [
{
"platform": "build 20201031",
"version_affected": "<",
"version_value": "h4.5.1.1472"
"version_value": "< h4.5.1.1472"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
}
]
}
@ -81,7 +67,7 @@
"description_data": [
{
"lang": "eng",
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration.\nQANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero.\n\nQuTS hero h4.5.1.1472 build 20201031 and later\nQTS 4.5.1.1456 build 20201015 and later\nQTS 4.4.3.1354 build 20200702 and later\nQTS 4.3.6.1333 build 20200608 and later\nQTS 4.3.4.1368 build 20200703 and later\nQTS 4.3.3.1315 build 20200611 and later\nQTS 4.2.6 build 20200611 and later"
"value": "If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later"
}
]
},
@ -112,6 +98,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.qnap.com/en/security-advisory/qsa-20-12",
"url": "https://www.qnap.com/en/security-advisory/qsa-20-12"
}
]