Auto-merge PR#4041

Auto-merge PR#4041
CVE Team 2022-01-13 20:00:31 -05:00 committed by GitHub
commit e76fc12c3c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 859 additions and 42 deletions

93
2021/38xxx/CVE-2021-38677.json Normal file → Executable file

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-01-12T23:04:00.000Z",
"ID": "CVE-2021-38677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Reflected XSS Vulnerability in QcalAgent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QcalAgent",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.1.7"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code.\nWe have already fixed this vulnerability in the following versions of QcalAgent:\nQcalAgent 1.1.7 and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-60"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of QcalAgent:\nQcalAgent 1.1.7 and later\n"
}
],
"source": {
"advisory": "QSA-21-60",
"discovery": "EXTERNAL"
}
}
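Review bot: The new `impact.cvss` block scores `"integrityImpact": "NONE"` with `"scope": "UNCHANGED"`, while the new description says the flaw "allows remote attackers to inject malicious code", which is an integrity effect on the victim's browser session. Reflected XSS is commonly scored with changed scope and low confidentiality and integrity impact, so the vector `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N` should be confirmed against the QSA-21-60 advisory before consumers prioritise on the 5.3 base score. Separately, the file header shows the mode changing from normal to executable for this record and for the other six in the commit; JSON data files need no execute bit, so the mode should stay `100644`.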

93
2021/38xxx/CVE-2021-38678.json Normal file → Executable file

@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-01-12T22:58:00.000Z",
"ID": "CVE-2021-38678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Open Redirect Vulnerability in QcalAgent"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QcalAgent",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.1.7"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tony Martin, a security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware.\nWe have already fixed this vulnerability in the following versions of QcalAgent:\nQcalAgent 1.1.7 and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-60"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of QcalAgent:\nQcalAgent 1.1.7 and later\n"
}
],
"source": {
"advisory": "QSA-21-60",
"discovery": "EXTERNAL"
}
}

143
2021/38xxx/CVE-2021-38682.json Normal file → Executable file

@ -1,18 +1,149 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-01-13T00:53:00.000Z",
"ID": "CVE-2021-38682",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QVR Elite",
"version": {
"version_data": [
{
"platform": "QuTS hero h5.0.0",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QuTS hero h4.5.4",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
}
]
}
},
{
"product_name": "QVR Pro",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
}
]
}
},
{
"product_name": "QVR Guard",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.3.0"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.3.0"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "crixer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code.\nWe have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 and later\nQTS 5.0.0: QVR Guard 2.1.3.0 and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-59"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 and later\nQTS 5.0.0: QVR Guard 2.1.3.0 and later\n"
}
],
"source": {
"advisory": "QSA-21-59",
"discovery": "EXTERNAL"
}
}
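Review bot: The two QVR Guard entries in `version_data` use `"version_value": "2.1.3.0"`, while the records for CVE-2021-38689 through CVE-2021-38692 under the same QSA-21-59 advisory give QVR Guard as `"2.1.3.0 (2021/12/06)"`; one of the two forms is presumably a transcription slip and should be reconciled with the advisory. More generally, putting the build date inside `version_value` next to `"version_affected": "<"` leaves scanners comparing a free-text string rather than a version. Keeping the bare version in `version_value` and the build date in the description or solution text would make the affected range machine-checkable. The same applies to the QVR Elite and QVR Pro entries here and in the four sibling records.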

143
2021/38xxx/CVE-2021-38689.json Normal file → Executable file

@ -1,18 +1,149 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-01-13T13:44:00.000Z",
"ID": "CVE-2021-38689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QVR Elite",
"version": {
"version_data": [
{
"platform": "QuTS hero h5.0.0",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QuTS hero h4.5.4",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
}
]
}
},
{
"product_name": "QVR Pro",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
}
]
}
},
{
"product_name": "QVR Guard",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "crixer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code.\nWe have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-59"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later\n"
}
],
"source": {
"advisory": "QSA-21-59",
"discovery": "EXTERNAL"
}
}
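Review bot: This record is identical to CVE-2021-38690, CVE-2021-38691 and CVE-2021-38692 in everything except `ID` and `DATE_PUBLIC`, and differs from CVE-2021-38682 only by the QVR Guard version string, so a defender cannot tell which flaw each ID tracks or whether one patch covers all five. Each `description_data` value should name the affected component or request path, if the advisory discloses it. The `problemtype` value `"CWE-120 Buffer Overflow"` is also broader than the description's "stack buffer overflow"; if that wording is accurate, `"value": "CWE-121 Stack-based Buffer Overflow"` is the closer match. The `TITLE` says "Stack Overflow", which usually means stack exhaustion, and would read better as "Stack Buffer Overflow".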

143
2021/38xxx/CVE-2021-38690.json Normal file → Executable file

@ -1,18 +1,149 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-01-13T01:47:00.000Z",
"ID": "CVE-2021-38690",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QVR Elite",
"version": {
"version_data": [
{
"platform": "QuTS hero h5.0.0",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QuTS hero h4.5.4",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
}
]
}
},
{
"product_name": "QVR Pro",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
}
]
}
},
{
"product_name": "QVR Guard",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "crixer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code.\nWe have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-59"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later\n"
}
],
"source": {
"advisory": "QSA-21-59",
"discovery": "EXTERNAL"
}
}

143
2021/38xxx/CVE-2021-38691.json Normal file → Executable file

@ -1,18 +1,149 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-01-13T01:49:00.000Z",
"ID": "CVE-2021-38691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QVR Elite",
"version": {
"version_data": [
{
"platform": "QuTS hero h5.0.0",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QuTS hero h4.5.4",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
}
]
}
},
{
"product_name": "QVR Pro",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
}
]
}
},
{
"product_name": "QVR Guard",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "crixer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code.\nWe have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-59"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later\n"
}
],
"source": {
"advisory": "QSA-21-59",
"discovery": "EXTERNAL"
}
}

143
2021/38xxx/CVE-2021-38692.json Normal file → Executable file

@ -1,18 +1,149 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-01-13T01:54:00.000Z",
"ID": "CVE-2021-38692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QVR Elite",
"version": {
"version_data": [
{
"platform": "QuTS hero h5.0.0",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QuTS hero h4.5.4",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
},
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.4.0 (2021/12/06)"
}
]
}
},
{
"product_name": "QVR Pro",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
}
]
}
},
{
"product_name": "QVR Guard",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
},
{
"platform": "QTS 5.0.0",
"version_affected": "<",
"version_value": "2.1.3.0 (2021/12/06)"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "crixer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code.\nWe have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-59"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of QVR Elite, QVR Pro, QVR Guard:\nQuTS hero h5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQuTS hero h4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 5.0.0: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Elite 2.1.4.0 (2021/12/06) and later\nQTS 4.5.4: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Pro 2.1.3.0 (2021/12/06) and later\nQTS 4.5.4: QVR Guard 2.1.3.0 (2021/12/06) and later\nQTS 5.0.0: QVR Guard 2.1.3.0 (2021/12/06) and later\n"
}
],
"source": {
"advisory": "QSA-21-59",
"discovery": "EXTERNAL"
}
}