Auto-merge PR#1898

Auto-merge PR#1898
CVE Team 2021-06-02 22:45:21 -04:00 committed by GitHub
commit a48a217f42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 349 additions and 18 deletions


@ -1,18 +1,129 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-06-03T02:06:00.000Z",
"ID": "CVE-2021-28806",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "DOM-Based XSS Vulnerability in QTS and QuTS hero"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.5.3.1652 Build 20210428"
},
{
"version_affected": "!",
"version_value": "4.3.6"
},
{
"version_affected": "!",
"version_value": "4.3.3"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "h4.5.2.1638 Build 20210414"
}
]
}
},
{
"product_name": "QuTScloud",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "c4.5.5.1656 Build 20210503"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marcin Zięba"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. \n\nThis issue affects:\nQNAP Systems Inc. QTS\nversions prior to 4.5.3.1652 Build 20210428.\nQNAP Systems Inc. QuTS hero\nversions prior to h4.5.2.1638 Build 20210414.\nQNAP Systems Inc. QuTScloud\nversions prior to c4.5.5.1656 Build 20210503.\n\nThis issue does not affect:\nQNAP Systems Inc. QTS\n4.3.6;\n4.3.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-22"
}
]
},
"solution": [
{
"lang": "eng",
"value": "QNAP have already fixed this vulnerability in the following versions:\n\nQTS 4.5.3.1652 Build 20210428 and later\nQuTS hero h4.5.2.1638 Build 20210414 and later\nQuTScloud c4.5.5.1656 Build 20210503 and later\n"
}
],
"source": {
"advisory": "QSA-21-22",
"discovery": "EXTERNAL"
}
}
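Review bot: The new `TITLE` and the first sentence of `description` name only QTS and QuTS hero, while `product_data`, the rest of the description and `solution` also list QuTScloud (fixed in c4.5.5.1656 Build 20210503). Anyone triaging on the title alone would miss QuTScloud deployments, so consider `"TITLE": "DOM-Based XSS Vulnerability in QTS, QuTS hero and QuTScloud"` and the same product list in the opening sentence. Separately, the vector scores `C:H/I:N` for a script-injection weakness, which is unusual for CWE-79 and may be worth confirming with the assigner before consumers rely on the 5.7 score.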


@ -1,18 +1,120 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-06-03T02:06:00.000Z",
"ID": "CVE-2021-28807",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Post-Authentication Reflected XSS Vulnerability in Q'center"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qcenter",
"version": {
"version_data": [
{
"platform": "QTS 4.5.3",
"version_affected": "<",
"version_value": "v1.12.1012"
},
{
"platform": "QTS 4.3.6",
"version_affected": "<",
"version_value": "v1.10.1004"
},
{
"platform": "QTS 4.3.3",
"version_affected": "<",
"version_value": "v1.10.1004"
},
{
"platform": "QuTS hero h4.5.2",
"version_affected": "<",
"version_value": "v1.12.1012"
},
{
"platform": "QuTScloud c4.5.4",
"version_affected": "<",
"version_value": "v1.12.1012"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Cappa"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Qcenter. If exploited, this vulnerability allows remote attackers to inject malicious code.\nQNAP have already fixed this vulnerability in the following versions of Qcenter:\n\nQTS 4.5.3: Qcenter v1.12.1012 and later\nQTS 4.3.6: Qcenter v1.10.1004 and later\nQTS 4.3.3: Qcenter v1.10.1004 and later\nQuTS hero h4.5.2: Qcenter v1.12.1012 and later\nQuTScloud c4.5.4: Qcenter v1.12.1012 and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-20"
}
]
},
"solution": [
{
"lang": "eng",
"value": "QNAP have already fixed this vulnerability in the following versions of Qcenter:\n\nQTS 4.5.3: Qcenter v1.12.1012 and later\nQTS 4.3.6: Qcenter v1.10.1004 and later\nQTS 4.3.3: Qcenter v1.10.1004 and later\nQuTS hero h4.5.2: Qcenter v1.12.1012 and later\nQuTScloud c4.5.4: Qcenter v1.12.1012 and later\n"
}
],
"source": {
"advisory": "QSA-21-20",
"discovery": "EXTERNAL"
}
}
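Review bot: `userInteraction` is `NONE` (`UI:N` in `vectorString`) although the record describes a reflected XSS, a class that normally needs the victim to open a crafted request. The DOM-based XSS record in this same commit uses `UI:R`. If this is a data-entry slip, the metric should read `"userInteraction": "REQUIRED"`, with `vectorString`, `baseScore` and `baseSeverity` recomputed together, because the current 7.7 HIGH drives patch priority. Also, `TITLE` spells the product "Q'center" while `product_name` and the description use "Qcenter", which can defeat exact-match lookups on the product name.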


@ -1,18 +1,136 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-06-03T02:06:00.000Z",
"ID": "CVE-2021-28812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Command Injection Vulnerability in Video Station"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Video Station",
"version": {
"version_data": [
{
"platform": "QTS 4.5.2",
"version_affected": "<",
"version_value": "5.5.4"
},
{
"platform": "QuTS hero h4.5.2",
"version_affected": "<",
"version_value": "5.5.4"
},
{
"platform": "QuTScloud c4.5.4",
"version_affected": "<",
"version_value": "5.5.4"
},
{
"platform": "QTS 4.3.6",
"version_affected": "!",
"version_value": "5.3.x"
},
{
"platform": "QTS 4.3.3",
"version_affected": "!",
"version_value": "5.1.x"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thomas Fady"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands.\n\nThis issue affects:\nQNAP Systems Inc. Video Station\nversions prior to 5.5.4 on QTS 4.5.2;\nversions prior to 5.5.4 on QuTS hero h4.5.2;\nversions prior to 5.5.4 on QuTScloud c4.5.4.\n\nThis issue does not affect:\nQNAP Systems Inc. Video Station\n on QTS 4.3.6;\n on QTS 4.3.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1286 Improper Validation of Syntactic Correctness of Input"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-21-21"
}
]
},
"solution": [
{
"lang": "eng",
"value": "QNAP have already fixed the issue in the following versions:\n\nQTS 4.5.2: Video Station 5.5.4 and later\nQuTS hero h4.5.2: Video Station 5.5.4 and later\nQuTScloud c4.5.4: Video Station 5.5.4 and later\n"
}
],
"source": {
"advisory": "QSA-21-21",
"discovery": "EXTERNAL"
}
}
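Review bot: The two unaffected entries in `version_data` carry `"version_value": "5.3.x"` and `"5.1.x"`, but the generated `description` dropped them. Its last lines read "on QTS 4.3.6;" and "on QTS 4.3.3." with no Video Station version, so a reader of the description cannot tell which builds are considered safe. The closing lines should carry the versions, e.g. `5.3.x on QTS 4.3.6;` and `5.1.x on QTS 4.3.3.`. The `.x` wildcard strings are probably not comparable by version-matching tools, so asset scanners may ignore those two entries. `solution` is also silent on the QTS 4.3.6 and 4.3.3 platforms, and one sentence there stating that they need no update would close the gap.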