admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3041

Browse Source 
Auto-merge PR#3041
This commit is contained in:
CVE Team 2020-01-16 10:25:12 -05:00 committed by GitHub
commit 86c0514de9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 97 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
2018/0xxx/CVE-2018-0719.json
View File

@ -1,9 +1,10 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2018-09-20T00:00:00",
"ASSIGNER": "psirt@qnap.com",
"DATE_PUBLIC": "2018-09-19T16:00:00.000Z",
"ID": "CVE-2018-0719",
"STATE": "PUBLIC"
"STATE": "PUBLIC",
"TITLE": "Security Advisory for Vulnerabilities in QTS"
},
"affects": {
"vendor": {
@ -12,22 +13,40 @@
"product": {
"product_data": [
{
"product_name": "QNAP QTS",
"product_name": "QTS",
"version": {
"version_data": [
{
"version_value": "QTS 4.2.6 build 20180711, QTS 4.3.3 build 20180725, QTS 4.3.4 build 20180710 and earlier versions"
"platform": "build 20180711",
"version_affected": "<=",
"version_value": "4.2.6"
},
{
"platform": "build 20180725",
"version_affected": "<=",
"version_value": "4.3.3"
},
{
"platform": "build 20180710",
"version_affected": "<=",
"version_value": "4.3.4"
}
]
}
}
]
},
"vendor_name": "QNAP"
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Davide Cioccia, security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -35,17 +54,36 @@
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to inject javascript code."
"value": "Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript.\nThis issue affects:\nQNAP Systems Inc. QTS\nversion 4.2.6 and prior versions on build 20180711;\nversion 4.3.3 and prior versions on build 20180725;\nversion 4.3.4 and prior versions on build 20180710."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
@ -59,5 +97,8 @@
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-20"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

55
2018/0xxx/CVE-2018-0721.json
View File

@ -1,8 +1,9 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"ASSIGNER": "psirt@qnap.com",
"ID": "CVE-2018-0721",
"STATE": "PUBLIC"
"STATE": "PUBLIC",
"TITLE": "Security Advisory for Vulnerabilities in QTS"
},
"affects": {
"vendor": {
@ -11,22 +12,40 @@
"product": {
"product_data": [
{
"product_name": "n/a",
"product_name": "QTS",
"version": {
"version_data": [
{
"version_value": "n/a"
"platform": "build 20180711",
"version_affected": "<=",
"version_value": "4.2.6"
},
{
"platform": "build 20180725",
"version_affected": "<=",
"version_value": "4.3.3"
},
{
"platform": "build 20180710",
"version_affected": "<=",
"version_value": "4.3.4"
}
]
}
}
]
},
"vendor_name": "n/a"
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yuki, security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
@ -34,17 +53,36 @@
"description_data": [
{
"lang": "eng",
"value": "Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to run arbitrary code on NAS devices."
"value": "Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code.\nThis issue affects:\nQNAP Systems Inc. QTS\nversion 4.2.6 and prior versions on build 20180711;\nversion 4.3.3 and prior versions on build 20180725;\nversion 4.3.4 and prior versions on build 20180710."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
"value": "CWE-120 Buffer Overflow"
}
]
}
@ -58,5 +96,8 @@
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-20"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}