admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

QNAP 20211210

Browse Source 
CVE-2021-38680
CVE-2021-38687
CVE-2021-38688
This commit is contained in:
stanleyshuang 2021-12-29 20:55:35 +08:00
parent f391c0cbb6
commit a6d8d3973a
3 changed files with 282 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
2021/38xxx/CVE-2021-38680.json Normal file → Executable file
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-12-09T21:38:00.000Z",
"ID": "CVE-2021-38680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Reflected XSS in Kazoo Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kazoo Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.11.20"
}
]
}
}
]
},
"vendor_name": "Linn Products Limited"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "XUELIANG SUN"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code.\nWe have already fixed this vulnerability in the following versions of Kazoo Server:\nKazoo Server 4.11.20 and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-54"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of Kazoo Server:\nKazoo Server 4.11.20 and later\n"
}
],
"source": {
"advisory": "QSA-21-54",
"discovery": "EXTERNAL"
}
}

114
2021/38xxx/CVE-2021-38687.json Normal file → Executable file
View File

@ -1,18 +1,120 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-12-10T00:04:00.000Z",
"ID": "CVE-2021-38687",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Stack Overflow Vulnerability in Surveillance Station"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Surveillance Station",
"version": {
"version_data": [
{
"platform": "QTS 5.0 (64 bit)",
"version_affected": "<",
"version_value": "5.2.0.4.2 ( 2021/10/26 )"
},
{
"platform": "QTS 5.0 (32 bit)",
"version_affected": "<",
"version_value": "5.2.0.3.2 ( 2021/10/26 )"
},
{
"platform": "QTS 4.3.6 (64 bit)",
"version_affected": "<",
"version_value": "5.1.5.4.6 ( 2021/10/26 )"
},
{
"platform": "QTS 4.3.6 (32 bit)",
"version_affected": "<",
"version_value": "5.1.5.3.6 ( 2021/10/26 )"
},
{
"platform": "QTS 4.3.3",
"version_affected": "<",
"version_value": "5.1.5.3.6 ( 2021/10/26 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "crixer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code.\nWe have already fixed this vulnerability in the following versions of Surveillance Station:\nQTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later\nQTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later\nQTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later\nQTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later\nQTS 4.3.3: Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-46"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of Surveillance Station:\nQTS 5.0.0 (64 bit): Surveillance Station 5.2.0.4.2 ( 2021/10/26 ) and later\nQTS 5.0.0 (32 bit): Surveillance Station 5.2.0.3.2 ( 2021/10/26 ) and later\nQTS 4.3.6 (64 bit): Surveillance Station 5.1.5.4.6 ( 2021/10/26 ) and later\nQTS 4.3.6 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later\nQTS 4.3.3 (32 bit): Surveillance Station 5.1.5.3.6 ( 2021/10/26 ) and later\n"
}
],
"source": {
"advisory": "QSA-21-46",
"discovery": "EXTERNAL"
}
}

93
2021/38xxx/CVE-2021-38688.json Normal file → Executable file
View File

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-12-09T22:29:00.000Z",
"ID": "CVE-2021-38688",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Improper Authentication in Qfile"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qfile",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.0.0.1105"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Code Ninja"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise app and access information\nWe have already fixed this vulnerability in the following versions of Qfile:\nQfile 3.0.0.1105 and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-55"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of Qfile:\nQfile 3.0.0.1105 and later\n"
}
],
"source": {
"advisory": "QSA-21-55",
"discovery": "EXTERNAL"
}
}