80 vulnerabilities found for QuTS hero by Qnap

CERTFR-2025-AVI-0981

Vulnerability from certfr_avis - Published: 2025-11-10 - Updated: 2025-11-10

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause privilege escalation, remote denial of service, and SQL injection (SQLi).

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
| Vendor | Product | Description |
|---|---|---|
| Qnap | N/A | QuMagie versions 2.6.x and 2.7.x prior to 2.7.3 |
| Qnap | Hybrid Backup Sync | HBS 3 Hybrid Backup Sync versions 26.x prior to 26.2.0.938 |
| Qnap | N/A | Notification Center versions 1.9.x for QTS 5.2.x and QuTS hero h5.2.x prior to 1.9.2.3163 |
| Qnap | N/A | Hyper Data Protector versions 2.2.x prior to 2.2.4.1 |
| Qnap | N/A | Notification Center versions 3.0.x for QuTS hero h5.6.x and QuTS hero h6.0.x prior to 3.0.0.3466 |
| Qnap | N/A | Malware Remover versions 6.6.x prior to 6.6.8.20251023 |
| Qnap | N/A | Download Station versions 5.10.x for QTS 5.2.1 prior to 5.10.0.305 ( 2025/09/16 ) |
| Qnap | QuTS hero | QuTS hero versions h5.3.x prior to h5.3.1.3292 build 20251024 |
| Qnap | QuLog Center | QuLog Center versions 1.8.x prior to 1.8.2.923 ( 2025/08/27 ) |
| Qnap | N/A | Download Station versions 5.10.x for QuTS hero h5.2.1 prior to 5.10.0.304 ( 2025/09/08 ) |
| Qnap | QTS | QTS versions 5.2.x prior to QTS 5.2.7.3297 build 20251024 |
| Qnap | QuTS hero | QuTS hero versions h5.2.x prior to h5.2.7.3297 build 20251024 |
| Qnap | File Station | File Station 5 versions 5.5.x prior to 5.5.6.5018 |
| Qnap | N/A | Qsync Central versions 5.0.x prior to 5.0.0.3 ( 2025/08/28 ) |
| Qnap | N/A | Notification Center versions 2.1.x for QuTS hero h5.3.x prior to 2.1.0.3443 |

References
Qnap security bulletin QSA-25-37 2025-11-08 vendor-advisory
Qnap security bulletin QSA-25-45 2025-11-08 vendor-advisory
Qnap security bulletin QSA-25-48 2025-11-08 vendor-advisory
Qnap security bulletin QSA-25-40 2025-11-08 vendor-advisory
Qnap security bulletin QSA-25-43 2025-11-08 vendor-advisory
Qnap security bulletin QSA-25-38 2025-11-08 vendor-advisory
Qnap security bulletin QSA-25-41 2025-11-08 vendor-advisory
Qnap security bulletin QSA-25-47 2025-11-08 vendor-advisory
Qnap security bulletin QSA-25-33 2025-11-08 vendor-advisory
Qnap security bulletin QSA-25-42 2025-11-08 vendor-advisory
Qnap security bulletin QSA-25-46 2025-11-08 vendor-advisory

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QuMagie versions 2.6.x et 2.7.x ant\u00e9rieures \u00e0 2.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "HBS 3 Hybrid Backup Sync versions 26.x ant\u00e9rieures \u00e0 26.2.0.938",
      "product": {
        "name": "Hybrid Backup Sync",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Notification Center versions 1.9.x pour QTS 5.2.x et QuTS hero h5.2.x ant\u00e9rieures \u00e0 1.9.2.3163",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Hyper Data Protector versions 2.2.x ant\u00e9rieures \u00e0 2.2.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Notification Center versions 3.0.x pour QuTS hero h5.6.x et QuTS hero h6.0.x ant\u00e9rieures \u00e0 3.0.0.3466",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Malware Remover versions 6.6.x ant\u00e9rieures \u00e0 6.6.8.20251023",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Download Station versions 5.10.x pour QTS 5.2.1  ant\u00e9rieures \u00e0 5.10.0.305 ( 2025/09/16 )",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.3.x ant\u00e9rieures \u00e0 h5.3.1.3292 build 20251024",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuLog Center versions 1.8.x ant\u00e9rieures \u00e0 1.8.2.923 ( 2025/08/27 )",
      "product": {
        "name": "QuLog Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Download Station versions 5.10.x  pour QuTS hero h5.2.1 ant\u00e9rieures \u00e0 5.10.0.304 ( 2025/09/08 )",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 QTS 5.2.7.3297 build 20251024",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.7.3297 build 20251024",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "File Station 5 versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.5018",
      "product": {
        "name": "File Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qsync Central versions 5.0.x ant\u00e9rieures \u00e0 5.0.0.3 ( 2025/08/28 )",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Notification Center versions 2.1.x pour QuTS hero h5.3.x ant\u00e9rieures \u00e0 2.1.0.3443",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-57712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57712"
    },
    {
      "name": "CVE-2025-47207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47207"
    },
    {
      "name": "CVE-2025-53413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53413"
    },
    {
      "name": "CVE-2025-53411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53411"
    },
    {
      "name": "CVE-2025-58469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58469"
    },
    {
      "name": "CVE-2025-62849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62849"
    },
    {
      "name": "CVE-2025-54167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54167"
    },
    {
      "name": "CVE-2025-62842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62842"
    },
    {
      "name": "CVE-2025-59389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59389"
    },
    {
      "name": "CVE-2025-57706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57706"
    },
    {
      "name": "CVE-2025-58463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58463"
    },
    {
      "name": "CVE-2025-53409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53409"
    },
    {
      "name": "CVE-2025-53408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53408"
    },
    {
      "name": "CVE-2025-53412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53412"
    },
    {
      "name": "CVE-2025-58465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58465"
    },
    {
      "name": "CVE-2025-54168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54168"
    },
    {
      "name": "CVE-2025-52865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52865"
    },
    {
      "name": "CVE-2025-53410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53410"
    },
    {
      "name": "CVE-2025-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52425"
    },
    {
      "name": "CVE-2025-58464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58464"
    },
    {
      "name": "CVE-2025-62847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62847"
    },
    {
      "name": "CVE-2025-11837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11837"
    },
    {
      "name": "CVE-2025-62848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62848"
    },
    {
      "name": "CVE-2025-62840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62840"
    }
  ],
  "initial_release_date": "2025-11-10T00:00:00",
  "last_revision_date": "2025-11-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0981",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une injection SQL (SQLi).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-37",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-37"
    },
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-45",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-45"
    },
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-48",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-48"
    },
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-40",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-40"
    },
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-43",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-43"
    },
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-38",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-38"
    },
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-41",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-41"
    },
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-47",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-47"
    },
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-33",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-33"
    },
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-42",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-42"
    },
    {
      "published_at": "2025-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-46",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-46"
    }
  ]
}

CERTFR-2025-AVI-0486

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
| Vendor | Product | Description |
|---|---|---|
| Qnap | QTS | QTS versions 5.2.x prior to 5.2.4.3079 build 20250321 |
| Qnap | QuRouter | QuRouter versions 2.4.x and 2.5.x prior to 2.5.0.140 |
| Qnap | QuTS hero | QuTS hero versions h5.2.x prior to h5.2.4.3079 build 20250321 |
| Qnap | License Center | License Center versions 1.9.x prior to 1.9.49 |
| Qnap | File Station | File Station 5 versions 5.5.x prior to 5.5.6.4847 |
| Qnap | Qsync | Qsync Central versions 4.5.x prior to 4.5.0.6 |
| Qnap | QES | QES versions 2.2.x prior to 2.2.1 build 20250304 |

References
Qnap security bulletin QSA-25-17 2025-06-07 vendor-advisory
Qnap security bulletin QSA-25-11 2025-06-07 vendor-advisory
Qnap security bulletin QSA-25-14 2025-06-07 vendor-advisory
Qnap security bulletin QSA-25-10 2025-06-07 vendor-advisory
Qnap security bulletin QSA-25-09 2025-06-07 vendor-advisory
Qnap security bulletin QSA-25-15 2025-06-07 vendor-advisory
Qnap security bulletin QSA-25-13 2025-06-07 vendor-advisory
Qnap security bulletin QSA-25-16 2025-06-07 vendor-advisory
Qnap security bulletin QSA-25-12 2025-06-07 vendor-advisory

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 5.2.4.3079 build 20250321",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuRouter versions 2.4.x et 2.5.x ant\u00e9rieures \u00e0 2.5.0.140",
      "product": {
        "name": "QuRouter",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.4.3079 build 20250321",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "License Center versions 1.9.x ant\u00e9rieures \u00e0 1.9.49",
      "product": {
        "name": "License Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "File Station 5 versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.4847",
      "product": {
        "name": "File Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qsync Central versions 4.5.x ant\u00e9rieures \u00e0 4.5.0.6",
      "product": {
        "name": "Qsync",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QES versions 2.2.x ant\u00e9rieures \u00e0 2.2.1 build 20250304",
      "product": {
        "name": "QES",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-26465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
    },
    {
      "name": "CVE-2025-33031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33031"
    },
    {
      "name": "CVE-2024-56805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56805"
    },
    {
      "name": "CVE-2024-50406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50406"
    },
    {
      "name": "CVE-2025-22482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22482"
    },
    {
      "name": "CVE-2025-26466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26466"
    },
    {
      "name": "CVE-2025-29872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29872"
    },
    {
      "name": "CVE-2025-29892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29892"
    },
    {
      "name": "CVE-2025-22490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22490"
    },
    {
      "name": "CVE-2025-29873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29873"
    },
    {
      "name": "CVE-2025-29884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29884"
    },
    {
      "name": "CVE-2025-33035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33035"
    },
    {
      "name": "CVE-2025-29876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29876"
    },
    {
      "name": "CVE-2025-22485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22485"
    },
    {
      "name": "CVE-2024-13087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13087"
    },
    {
      "name": "CVE-2025-22484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22484"
    },
    {
      "name": "CVE-2023-28370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28370"
    },
    {
      "name": "CVE-2025-29877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29877"
    },
    {
      "name": "CVE-2025-29883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29883"
    },
    {
      "name": "CVE-2025-30279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30279"
    },
    {
      "name": "CVE-2025-22486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22486"
    },
    {
      "name": "CVE-2025-29871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29871"
    },
    {
      "name": "CVE-2024-6387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
    },
    {
      "name": "CVE-2025-22481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22481"
    },
    {
      "name": "CVE-2024-13088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13088"
    },
    {
      "name": "CVE-2025-29885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29885"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0486",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-17",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-17"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-11",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-11"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-14",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-14"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-10",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-10"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-09",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-09"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-15",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-15"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-13",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-13"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-16",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-16"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-12",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-12"
    }
  ]
}

CERTFR-2025-AVI-0188

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality, and a breach of data integrity.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
| Vendor | Product | Description |
|---|---|---|
| Qnap | HBS 3 Hybrid Backup Sync | HBS 3 Hybrid Backup Sync versions 25.1.x prior to 25.1.4.952 |
| Qnap | QuTS hero | QuTS hero versions h5.1.x prior to h5.1.9.2954 build 20241120 |
| Qnap | QuLog Center | QuLog Center versions 1.8.x prior to 1.8.0.888 |
| Qnap | File Station | File Station versions 5.5.x prior to 5.5.6.4741 |
| Qnap | QTS | QTS versions 5.1.x prior to 5.1.9.2954 build 20241120 |
| Qnap | Helpdesk | Helpdesk versions 3.3.x prior to 3.3.3 |
| Qnap | QuRouter | QuRouter versions 2.4.x prior to 2.4.6.028 |
| Qnap | QVPN | QVPN Device Client versions 2.2.x prior to 2.2.5 for Mac |
| Qnap | QTS | QTS versions 5.2.x prior to 5.2.3.3006 build 20250108 |
| Qnap | QTS | QTS versions 4.5.x prior to 4.5.4.2957 build 20241119 |
| Qnap | QuTS hero | QuTS hero versions h4.5.x prior to h4.5.4.2956 build 20241119 |
| Qnap | QuLog Center | QuLog Center versions 1.7.x prior to 1.7.0.829 |
| Qnap | Qsync | Qsync Client versions 5.1.x prior to 5.1.3 for Mac |
| Qnap | QuTS hero | QuTS hero versions h5.2.x prior to h5.2.3.3006 build 20250108 |
| Qnap | Qfinder | Qfinder Pro Mac versions 7.11.x prior to 7.11.1 |

References
Qnap security bulletin QSA-25-03 2025-03-08 vendor-advisory
Qnap security bulletin QSA-24-55 2025-03-08 vendor-advisory
Qnap security bulletin QSA-24-52 2025-03-08 vendor-advisory
Qnap security bulletin QSA-25-06 2025-03-08 vendor-advisory
Qnap security bulletin QSA-24-53 2025-03-08 vendor-advisory
Qnap security bulletin QSA-25-07 2025-03-08 vendor-advisory
Qnap security bulletin QSA-25-05 2025-03-08 vendor-advisory
Qnap security bulletin QSA-25-01 2025-03-08 vendor-advisory
Qnap security bulletin QSA-24-54 2025-03-08 vendor-advisory
Qnap security bulletin QSA-24-51 2025-03-08 vendor-advisory

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HBS 3 Hybrid Backup Sync versions 25.1.x ant\u00e9rieures \u00e0 25.1.4.952",
      "product": {
        "name": "HBS 3 Hybrid Backup Sync",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.9.2954 build 20241120",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuLog Center versions 1.8.x ant\u00e9rieures \u00e0 1.8.0.888",
      "product": {
        "name": "QuLog Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "File Station versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.4741",
      "product": {
        "name": "File Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.9.2954 build 20241120",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Helpdesk versions 3.3.x ant\u00e9rieurs \u00e0 3.3.3",
      "product": {
        "name": "Helpdesk",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuRouter versions 2.4.x ant\u00e9rieures \u00e0 2.4.6.028",
      "product": {
        "name": "QuRouter",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QVPN Device Client versions 2.2.x ant\u00e9rieures \u00e0 2.2.5 pour Mac",
      "product": {
        "name": "QVPN",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 5.2.3.3006 build 20250108",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2957 build 20241119",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2956 build 20241119",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuLog Center versions 1.7.x ant\u00e9rieures \u00e0 1.7.0.829",
      "product": {
        "name": "QuLog Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qsync Client versions 5.1.x ant\u00e9rieures \u00e0 5.1.3 pour Mac",
      "product": {
        "name": "Qsync",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.3.3006 build 20250108",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qfinder Pro Mac versions 7.11.x ant\u00e9rieures \u00e0 7.11.1",
      "product": {
        "name": "Qfinder",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-53695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53695"
    },
    {
      "name": "CVE-2024-50390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50390"
    },
    {
      "name": "CVE-2024-53700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53700"
    },
    {
      "name": "CVE-2024-53696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53696"
    },
    {
      "name": "CVE-2024-53698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53698"
    },
    {
      "name": "CVE-2024-53693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53693"
    },
    {
      "name": "CVE-2024-53694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53694"
    },
    {
      "name": "CVE-2024-53697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53697"
    },
    {
      "name": "CVE-2024-48864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48864"
    },
    {
      "name": "CVE-2024-50394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50394"
    },
    {
      "name": "CVE-2024-13086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13086"
    },
    {
      "name": "CVE-2024-53699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53699"
    },
    {
      "name": "CVE-2024-53692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53692"
    },
    {
      "name": "CVE-2024-50405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50405"
    },
    {
      "name": "CVE-2024-38638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38638"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0188",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": "2025-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-03",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-03"
    },
    {
      "published_at": "2025-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-55",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-55"
    },
    {
      "published_at": "2025-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-52",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-52"
    },
    {
      "published_at": "2025-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-06",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-06"
    },
    {
      "published_at": "2025-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-53",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-53"
    },
    {
      "published_at": "2025-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-07",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-07"
    },
    {
      "published_at": "2025-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-05",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-05"
    },
    {
      "published_at": "2025-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-01",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-01"
    },
    {
      "published_at": "2025-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-54",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-54"
    },
    {
      "published_at": "2025-03-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-51",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-51"
    }
  ]
}

CERTFR-2024-AVI-1052

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause remote arbitrary code execution, a compromise of data integrity and a security policy bypass.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap QuTS hero QuTS hero versions h5.2.x prior to h5.2.2.2952 build 20241116
Qnap QuTS hero QuTS hero versions h5.1.x prior to h5.1.9.2954 build 20241120
Qnap QTS QTS versions 5.1.x prior to 5.1.9.2954 build 20241120
Qnap License Center License Center versions 1.9.x prior to 1.9.43
Qnap QTS QTS versions 5.2.x prior to 5.2.2.2950 build 20241114
Qnap Qsync Central Qsync Central versions 4.4.x prior to 4.4.0.16_20240819 ( 2024/08/19 )
References
Qnap security bulletin QSA-24-50 2024-12-07 vendor-advisory
Qnap security bulletin QSA-24-48 2024-12-07 vendor-advisory
Qnap security bulletin QSA-24-49 2024-12-07 vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.2.2952 build 20241116",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.9.2954 build 20241120",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.9.2954 build 20241120",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "License Center versions 1.9.x ant\u00e9rieures \u00e0 1.9.43",
      "product": {
        "name": "License Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 5.2.2.2950 build 20241114",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qsync Central versions 4.4.x ant\u00e9rieures \u00e0 4.4.0.16_20240819 ( 2024/08/19 )",
      "product": {
        "name": "Qsync Central",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-50404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50404"
    },
    {
      "name": "CVE-2024-50403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50403"
    },
    {
      "name": "CVE-2024-50402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50402"
    },
    {
      "name": "CVE-2024-48866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48866"
    },
    {
      "name": "CVE-2024-48867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48867"
    },
    {
      "name": "CVE-2024-48863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48863"
    },
    {
      "name": "CVE-2024-48868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48868"
    },
    {
      "name": "CVE-2024-48859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48859"
    },
    {
      "name": "CVE-2024-50393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50393"
    },
    {
      "name": "CVE-2024-48865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48865"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-1052",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": "2024-12-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-50",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-50"
    },
    {
      "published_at": "2024-12-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-48",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-48"
    },
    {
      "published_at": "2024-12-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-49",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-49"
    }
  ]
}

CERTFR-2024-AVI-1018

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap N/A Photo Station versions 6.4.x prior to 6.4.3
Qnap QuRouter QuRouter versions 2.4.x prior to 2.4.4.106
Qnap QuLog Center QuLog Center versions 1.8.x prior to 1.8.0.888
Qnap QuRouter QuRouter versions 2.4.x prior to 2.4.3.103
Qnap QuTS hero QuTS hero versions h5.2.x prior to h5.2.1.2929 build 20241025
Qnap N/A Notes Station 3 versions 3.9.x prior to 3.9.7
Qnap QuTS hero QuTS hero versions h5.1.x prior to h5.1.8.2823 build 20240712
Qnap QTS QTS versions 5.1.x prior to 5.1.8.2823 build 20240712
Qnap N/A Media Streaming add-on versions 500.1.x prior to 500.1.1.6
Qnap QTS QTS versions 5.2.x prior to 5.2.1.2930 build 20241025
Qnap N/A QNAP AI Core versions 3.4.x prior to 3.4.1
Qnap QuLog Center QuLog Center versions 1.7.x prior to 1.7.0.831
References
Qnap security bulletin QSA-24-44 2024-11-23 vendor-advisory
Qnap security bulletin QSA-24-36 2024-11-23 vendor-advisory
Qnap security bulletin QSA-24-37 2024-11-23 vendor-advisory
Qnap security bulletin QSA-24-39 2024-11-23 vendor-advisory
Qnap security bulletin QSA-24-47 2024-11-23 vendor-advisory
Qnap security bulletin QSA-24-40 2024-11-23 vendor-advisory
Qnap security bulletin QSA-24-46 2024-11-23 vendor-advisory
Qnap security bulletin QSA-24-43 2024-11-23 vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Photo Station versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuRouter versions 2.4.x ant\u00e9rieures \u00e0 2.4.4.106",
      "product": {
        "name": "QuRouter",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuLog Center versions 1.8.x ant\u00e9rieures \u00e0 1.8.0.888",
      "product": {
        "name": "QuLog Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuRouter versions 2.4.x ant\u00e9rieures \u00e0 2.4.3.103",
      "product": {
        "name": "QuRouter",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.1.2929 build 20241025",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Notes Station 3 versions 3.9.x ant\u00e9rieures \u00e0 3.9.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.8.2823 build 20240712",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.8.2823 build 20240712",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Media Streaming add-on versions 500.1.x ant\u00e9rieures \u00e0 500.1.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 5.2.1.2930 build 20241025",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP AI Core versions 3.4.x ant\u00e9rieures \u00e0 3.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuLog Center versions 1.7.x ant\u00e9rieures \u00e0 1.7.0.831 ",
      "product": {
        "name": "QuLog Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-50397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50397"
    },
    {
      "name": "CVE-2024-37050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37050"
    },
    {
      "name": "CVE-2024-38643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38643"
    },
    {
      "name": "CVE-2024-50398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50398"
    },
    {
      "name": "CVE-2024-37042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37042"
    },
    {
      "name": "CVE-2024-32768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32768"
    },
    {
      "name": "CVE-2024-48860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48860"
    },
    {
      "name": "CVE-2024-50399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50399"
    },
    {
      "name": "CVE-2024-48861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48861"
    },
    {
      "name": "CVE-2024-48862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48862"
    },
    {
      "name": "CVE-2024-32770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32770"
    },
    {
      "name": "CVE-2024-37049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37049"
    },
    {
      "name": "CVE-2024-38644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38644"
    },
    {
      "name": "CVE-2024-37041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37041"
    },
    {
      "name": "CVE-2024-37048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37048"
    },
    {
      "name": "CVE-2024-50396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50396"
    },
    {
      "name": "CVE-2024-32767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32767"
    },
    {
      "name": "CVE-2024-37045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37045"
    },
    {
      "name": "CVE-2024-38647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38647"
    },
    {
      "name": "CVE-2024-37046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37046"
    },
    {
      "name": "CVE-2024-37047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37047"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2024-32769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32769"
    },
    {
      "name": "CVE-2024-50400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50400"
    },
    {
      "name": "CVE-2020-14145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
    },
    {
      "name": "CVE-2024-38645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38645"
    },
    {
      "name": "CVE-2024-50395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50395"
    },
    {
      "name": "CVE-2024-37043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37043"
    },
    {
      "name": "CVE-2021-41617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
    },
    {
      "name": "CVE-2024-38646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38646"
    },
    {
      "name": "CVE-2024-37044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37044"
    },
    {
      "name": "CVE-2024-50401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50401"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-1018",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": "2024-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-44",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-44"
    },
    {
      "published_at": "2024-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-36",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-36"
    },
    {
      "published_at": "2024-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-37",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-37"
    },
    {
      "published_at": "2024-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-39",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-39"
    },
    {
      "published_at": "2024-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-47",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-47"
    },
    {
      "published_at": "2024-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-40",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-40"
    },
    {
      "published_at": "2024-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-46",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-46"
    },
    {
      "published_at": "2024-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-43",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-43"
    }
  ]
}

CERTFR-2024-AVI-0752

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality and remote cross-site scripting (XSS).

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap QuTS hero QuTS hero versions h4.5.x prior to h4.5.4.2790 build 20240606
Qnap QTS QTS versions 4.3.4 prior to 4.3.4.2814 build 20240618
Qnap Download Station Download Station versions 5.8.x prior to 5.8.6.283
Qnap QTS QTS versions 4.3.3 prior to 4.3.3.2784 build 20240619
Qnap QuMagie QuMagie versions 2.3.x prior to 2.3.1
Qnap QTS QTS versions 4.2.6 prior to 4.2.6 build 20240618
Qnap QTS QTS versions 4.3.6 prior to 4.3.6.2805 build 20240619
Qnap Helpdesk Helpdesk versions 3.3.x prior to 3.3.1
Qnap Notes Station Notes Station 3 versions 3.9.x prior to 3.9.6
Qnap QTS QTS versions 5.1.x prior to 5.2.0.2782 build 20240601
Qnap QuTS hero QuTS hero versions h4.5.x prior to h4.5.4.2626 build 20231225
Qnap QuTS hero QuTS hero versions h5.1.x prior to h5.2.0.2782 build 20240601
Qnap Music Station Music Station versions 5.4.x prior to 5.4.0
Qnap Video Station Video Station versions 5.8.x prior to 5.8.2
Qnap QTS QTS versions 4.5.x prior to 4.5.4.2790 build 20240605
Qnap QuLog Center QuLog Center versions 1.7.x.x prior to 1.7.0.827
Qnap QuLog Center QuLog Center versions 1.8.x.x prior to 1.8.0.872
Qnap QVR QVR Smart Client versions 2.4.x.x prior to 2.4.0.0570
References
Qnap security bulletin QSA-24-24 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-26 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-34 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-30 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-21 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-27 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-29 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-28 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-32 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-25 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-33 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-22 2024-09-07 vendor-advisory
Qnap security bulletin QSA-24-35 2024-09-07 vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2790 build 20240606",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.3.4 ant\u00e9rieures \u00e0 4.3.4.2814 build 20240618",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Download Station versions 5.8.x ant\u00e9rieures \u00e0 5.8.6.283",
      "product": {
        "name": "Download Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.3.3 ant\u00e9rieures \u00e0 4.3.3.2784 build 20240619",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuMagie versions 2.3.x ant\u00e9rieures \u00e0 2.3.1",
      "product": {
        "name": "QuMagie",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.2.6 ant\u00e9rieures \u00e0 4.2.6 build 20240618",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.3.6 ant\u00e9rieures \u00e0 4.3.6.2805 build 20240619",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Helpdesk versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
      "product": {
        "name": "Helpdesk",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Notes Station 3 versions 3.9.x ant\u00e9rieures \u00e0 3.9.6",
      "product": {
        "name": "Notes Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.2.0.2782 build 20240601",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2626 build 20231225",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.2.0.2782 build 20240601",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Music Station versions 5.4.x ant\u00e9rieures \u00e0 5.4.0",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Video Station versions 5.8.x ant\u00e9rieures \u00e0 5.8.2",
      "product": {
        "name": "Video Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2790 build 20240605",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuLog Center versions 1.7.x.x ant\u00e9rieures \u00e0 1.7.0.827",
      "product": {
        "name": "QuLog Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuLog Center versions 1.8.x.x ant\u00e9rieures \u00e0 1.8.0.872",
      "product": {
        "name": "QuLog Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QVR Smart Client versions 2.4.x.x ant\u00e9rieures \u00e0 2.4.0.0570",
      "product": {
        "name": "QVR",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-27592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27592"
    },
    {
      "name": "CVE-2023-50360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50360"
    },
    {
      "name": "CVE-2024-32762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32762"
    },
    {
      "name": "CVE-2024-21906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21906"
    },
    {
      "name": "CVE-2024-38640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38640"
    },
    {
      "name": "CVE-2024-53691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53691"
    },
    {
      "name": "CVE-2023-34974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34974"
    },
    {
      "name": "CVE-2024-27125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27125"
    },
    {
      "name": "CVE-2024-32763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32763"
    },
    {
      "name": "CVE-2024-27126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27126"
    },
    {
      "name": "CVE-2023-47563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47563"
    },
    {
      "name": "CVE-2024-38641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38641"
    },
    {
      "name": "CVE-2024-38642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38642"
    },
    {
      "name": "CVE-2023-34979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34979"
    },
    {
      "name": "CVE-2023-39298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39298"
    },
    {
      "name": "CVE-2023-39300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39300"
    },
    {
      "name": "CVE-2023-45038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45038"
    },
    {
      "name": "CVE-2024-32771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32771"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2024-27122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27122"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0752",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-09T00:00:00.000000"
    },
    {
      "description": "Ajout de l\u0027identifiant CVE-2024-53691.",
      "revision_date": "2025-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-24",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-24"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-26",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-26"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-34",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-34"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-30",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-30"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-21",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-21"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-27",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-27"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-29",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-29"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-28",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-28"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-32",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-32"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-25",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-25"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-33",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-33"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-22",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-22"
    },
    {
      "published_at": "2024-09-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-35",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-35"
    }
  ]
}

CERTFR-2024-AVI-0428

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality and a compromise of data integrity.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap QTS QTS versions 5.1.x prior to 5.1.7.2770 build 20240520
Qnap QuTS hero QuTS hero versions h5.1.x prior to h5.1.7.2770 build 20240520
References
Qnap security bulletin qsa-24-23 2024-05-21 vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.7.2770 build 20240520",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.7.2770 build 20240520",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-21902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21902"
    },
    {
      "name": "CVE-2024-27128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27128"
    },
    {
      "name": "CVE-2024-27127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27127"
    },
    {
      "name": "CVE-2024-27130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27130"
    },
    {
      "name": "CVE-2024-27129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27129"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0428",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans  les produits Qnap. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": "2024-05-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-23",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-23"
    }
  ]
}

CERTFR-2024-AVI-0354

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap N/A QuTScloud versions c5.x prior to c5.1.5.2651
Qnap QTS QTS versions 5.1.x prior to 5.1.6.2722 build 20240402
Qnap QTS QTS versions 4.5.x prior to 4.5.4.2627 build 20231225
Qnap QuTS hero QuTS hero versions h4.5.x prior to h4.5.4.2626 build 20231225
Qnap N/A myQNAPcloud versions 1.0.x prior to 1.0.52
Qnap N/A Proxy Server versions 1.4.x prior to 1.4.6
Qnap N/A myQNAPcloud Link versions 2.4.x prior to 2.4.51
Qnap N/A Media Streaming add-on versions 500.1.x prior to 500.1.1.5
Qnap QuTS hero QuTS hero versions h5.1.x prior to h5.1.6.2734 build 20240414
Qnap N/A QuFirewall versions 2.4.x prior to 2.4.1


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QuTScloud versions c5.x ant\u00e9rieures \u00e0 c5.1.5.2651",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.6.2722 build 20240402",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2627 build 20231225",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2626 build 20231225",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "myQNAPcloud versions 1.0.x ant\u00e9rieures \u00e0 1.0.52",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Proxy Server versions 1.4.x ant\u00e9rieures \u00e0 1.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "myQNAPcloud Link versions 2.4.x ant\u00e9rieures \u00e0 2.4.51",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Media Streaming add-on versions 500.1.x ant\u00e9rieures \u00e0 500.1.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.6.2734 build 20240414",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuFirewall versions 2.4.x ant\u00e9rieures \u00e0 2.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-32766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32766"
    },
    {
      "name": "CVE-2023-5824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5824"
    },
    {
      "name": "CVE-2024-27124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27124"
    },
    {
      "name": "CVE-2023-50363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50363"
    },
    {
      "name": "CVE-2023-46846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46846"
    },
    {
      "name": "CVE-2023-46847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46847"
    },
    {
      "name": "CVE-2023-41290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41290"
    },
    {
      "name": "CVE-2024-21905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21905"
    },
    {
      "name": "CVE-2023-46724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46724"
    },
    {
      "name": "CVE-2024-21900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21900"
    },
    {
      "name": "CVE-2023-41291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41291"
    },
    {
      "name": "CVE-2023-51365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51365"
    },
    {
      "name": "CVE-2024-21901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21901"
    },
    {
      "name": "CVE-2024-32764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32764"
    },
    {
      "name": "CVE-2023-50364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50364"
    },
    {
      "name": "CVE-2024-21899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21899"
    },
    {
      "name": "CVE-2023-51364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51364"
    },
    {
      "name": "CVE-2023-50362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50362"
    },
    {
      "name": "CVE-2023-47222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47222"
    },
    {
      "name": "CVE-2023-50361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50361"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0354",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-16 du 26 avril 2024",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-16"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-15 du 26 avril 2024",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-15"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-18 du 26 avril 2024",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-18"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-14 du 26 avril 2024",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-14"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-20 du 26 avril 2024",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-20"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-17 du 26 avril 2024",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-17"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-09 du 09 mars 2024",
      "url": "https://www.qnap.com/go/security-advisory/qsa-24-09"
    }
  ]
}

CERTFR-2024-AVI-0201

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause remote arbitrary code execution, cross-site scripting (XSS), and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap N/A QuTScloud versions c5.x prior to c5.1.5.2651
Qnap N/A Photo Station versions 6.4.x prior to 6.4.2
Qnap QTS QTS versions 4.5.x prior to 4.5.4.2627 build 20231225
Qnap QTS QTS versions 5.1.x prior to 5.1.4.2596 build 20231128
Qnap QuTS hero QuTS hero versions h5.1.x prior to h5.1.4.2596 build 20231128
Qnap QuTS hero QuTS hero versions h4.5.x prior to h4.5.4.2626 build 20231225
Qnap N/A myQNAPcloud versions 1.0.x prior to 1.0.52


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QuTScloud versions c5.x ant\u00e9rieures \u00e0 c5.1.5.2651",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Photo Station versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2627 build 20231225",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.4.2596 build 20231128",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.4.2596 build 20231128",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2626 build 20231225",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "myQNAPcloud versions 1.0.x ant\u00e9rieures \u00e0 1.0.52",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-34975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34975"
    },
    {
      "name": "CVE-2023-47221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47221"
    },
    {
      "name": "CVE-2024-21900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21900"
    },
    {
      "name": "CVE-2024-21901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21901"
    },
    {
      "name": "CVE-2024-21899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21899"
    },
    {
      "name": "CVE-2023-32969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32969"
    },
    {
      "name": "CVE-2023-34980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34980"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0201",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une injection de code indirecte \u00e0 distance (XSS), et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-09 du 09 mars 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-09"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-11 du 09 mars 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-11"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-12 du 09 mars 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-12"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-13 du 09 mars 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-13"
    }
  ]
}

CERTFR-2024-AVI-0118

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Temporary workaround

If installing a version that fixes the vulnerability is not possible, refer to the workarounds proposed by the vendor in the Mitigation section.

Impacted products
Vendor Product Description
Qnap N/A QuTScloud versions c5.x prior to c5.1.5.2651
Qnap QTS QTS versions 4.4.x prior to 4.5.4.2627 build 20231225
Qnap QTS QTS versions 4.3.x prior to 4.3.3.2644 build 20240131
Qnap QTS QTS versions 5.x.x prior to 5.1.5.2645 build 20240116
Qnap QTS QTS versions 4.3.x later than 4.3.5 and prior to 4.3.6.2665 build 20240131
Qnap QuTS hero QuTS hero versions h5.x.x prior to h5.1.5.2647 build 20240118
Qnap QTS QTS versions 4.2.x prior to 4.2.6 build 20240131
Qnap QTS QTS versions 4.3.4 prior to 4.3.4.2675 build 20240131
Qnap QuTS hero QuTS hero versions h4.x prior to h4.5.4.2626 build 20231225
References


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QuTScloud versions c5.x ant\u00e9rieures \u00e0 c5.1.5.2651",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.4.x ant\u00e9rieures \u00e0 4.5.4.2627 build 20231225",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.3.x ant\u00e9rieures \u00e0 4.3.3.2644 build 20240131",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.x.x ant\u00e9rieures \u00e0 5.1.5.2645 build 20240116",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.3.x post\u00e9rieures \u00e0 4.3.5 et ant\u00e9rieures \u00e0 4.3.6.2665 build 20240131",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.x.x ant\u00e9rieures \u00e0 h5.1.5.2647 build 20240118",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.2.x ant\u00e9rieures \u00e0 4.2.6 build 20240131",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 4.3.4 ant\u00e9rieures \u00e0 4.3.4.2675 build 20240131",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h4.x ant\u00e9rieures \u00e0 h4.5.4.2626 build 20231225",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nS\u2019il n\u2019est pas possible de proc\u00e9der \u00e0 l\u2019installation d\u2019une version\ncorrigeant la vuln\u00e9rabilit\u00e9, se r\u00e9f\u00e9rer aux mesures de contournement\npropos\u00e9es par l\u2019\u00e9diteur \u00e0 la section *Mitigation*.\n",
  "cves": [
    {
      "name": "CVE-2023-50358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50358"
    },
    {
      "name": "CVE-2023-47218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47218"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0118",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-57 du 13 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-57"
    }
  ]
}

CERTFR-2024-AVI-0094

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause a security issue not specified by the vendor, remote arbitrary code execution and a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap QuTS hero QuTS hero h4.5.x versions prior to QuTS hero h4.5.4.2626 build 20231225
Qnap N/A Qsync Central 4.3.x versions prior to Qsync Central 4.3.0.11
Qnap QTS QTS 5.1.x versions prior to QTS 5.1.5.2645 build 20240116
Qnap N/A QuTScloud c5.x versions prior to QuTScloud c5.1.5.2651
Qnap QTS QTS 5.1.x versions prior to QTS 5.1.2.2533 build 20230926
Qnap QuTS hero QuTS hero h5.1.x versions prior to QuTS hero h5.1.3.2578 build 20231110
Qnap QuTS hero QuTS hero h5.1.x versions prior to QuTS hero h5.1.5.2647 build 20240118
Qnap N/A Photo Station 6.4.x versions prior to Photo Station 6.4.2
Qnap QTS QTS 5.1.x versions prior to QTS 5.1.3.2578 build 20231110
Qnap N/A Qsync Central 4.4.x versions prior to Qsync Central 4.4.0.15
Qnap QuTS hero QuTS hero h5.1.x versions prior to QuTS hero h5.1.4.2596 build 20231128
Qnap QuTS hero QuTS hero h5.1.x versions prior to QuTS hero h5.1.2.2534 build 20230927
Qnap QTS QTS 5.1.x versions prior to QTS 5.1.4.2596 build 20231128
Qnap QTS QTS 4.5.x versions prior to QTS 4.5.4.2627 build 20231225


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QuTS hero h4.5.x versions ant\u00e9rieures \u00e0 QuTS hero h4.5.4.2626 build 20231225",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qsync Central 4.3.x versions ant\u00e9rieures \u00e0 Qsync Central 4.3.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 5.1.x versions ant\u00e9rieures \u00e0 QTS 5.1.5.2645 build 20240116",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTScloud c5.x versions ant\u00e9rieures \u00e0 QuTScloud c5.1.5.2651",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 5.1.x versions ant\u00e9rieures \u00e0 QTS 5.1.2.2533 build 20230926",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 QuTS hero h5.1.3.2578 build 20231110",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 QuTS hero h5.1.5.2647 build 20240118",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Photo Station 6.4.x versions ant\u00e9rieures \u00e0 Photo Station 6.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 5.1.x versions ant\u00e9rieures \u00e0 QTS 5.1.3.2578 build 20231110",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qsync Central 4.4.x versions ant\u00e9rieures \u00e0 Qsync Central 4.4.0.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 QuTS hero h5.1.4.2596 build 20231128",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 QuTS hero h5.1.2.2534 build 20230927",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 5.1.x versions ant\u00e9rieures \u00e0 QTS 5.1.4.2596 build 20231128",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS 4.5.x versions ant\u00e9rieures \u00e0 QTS 4.5.4.2627 build 20231225",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-41276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41276"
    },
    {
      "name": "CVE-2023-50359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50359"
    },
    {
      "name": "CVE-2023-41279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41279"
    },
    {
      "name": "CVE-2023-41275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41275"
    },
    {
      "name": "CVE-2023-47561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47561"
    },
    {
      "name": "CVE-2023-39297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39297"
    },
    {
      "name": "CVE-2023-47562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47562"
    },
    {
      "name": "CVE-2023-47566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47566"
    },
    {
      "name": "CVE-2023-32967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32967"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2023-45036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45036"
    },
    {
      "name": "CVE-2023-41278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41278"
    },
    {
      "name": "CVE-2023-45035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45035"
    },
    {
      "name": "CVE-2023-47564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47564"
    },
    {
      "name": "CVE-2023-41292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41292"
    },
    {
      "name": "CVE-2023-41273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41273"
    },
    {
      "name": "CVE-2023-45028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45028"
    },
    {
      "name": "CVE-2023-47568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47568"
    },
    {
      "name": "CVE-2023-41283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41283"
    },
    {
      "name": "CVE-2023-45025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45025"
    },
    {
      "name": "CVE-2023-39302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39302"
    },
    {
      "name": "CVE-2023-39303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39303"
    },
    {
      "name": "CVE-2023-41277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41277"
    },
    {
      "name": "CVE-2023-41281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41281"
    },
    {
      "name": "CVE-2023-41282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41282"
    },
    {
      "name": "CVE-2023-41274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41274"
    },
    {
      "name": "CVE-2023-45037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45037"
    },
    {
      "name": "CVE-2023-45027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45027"
    },
    {
      "name": "CVE-2023-47567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47567"
    },
    {
      "name": "CVE-2023-45026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45026"
    },
    {
      "name": "CVE-2023-41280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41280"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0094",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-30 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-30"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-06 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-46 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-46"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-08 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-08"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-03 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-53 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-53"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-33 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-33"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-01 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-05 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-04 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-38 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-38"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-02 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-07 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-24-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-47 du 03 f\u00e9vrier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-47"
    }
  ]
}

CERTFR-2024-AVI-0011

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause a security problem not specified by the vendor, remote arbitrary code execution, and a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap N/A QcalAgent versions 1.1.x prior to 1.1.8
Qnap QTS QTS versions 5.1.x prior to 5.1.4.2596 build 20231128
Qnap QuTS hero QuTS hero versions h5.1.x prior to h5.1.4.2596 build 20231128
Qnap Video Station Video Station versions 5.7.x prior to 5.7.2
Qnap QuMagie QuMagie versions 2.2.x prior to 2.2.1


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QcalAgent versions 1.1.x ant\u00e9rieures \u00e0 1.1.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.4.2596 build 20231128",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.4.2596 build 20231128",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Video Station versions 5.7.x ant\u00e9rieures \u00e0 5.7.2",
      "product": {
        "name": "Video Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuMagie versions 2.2.x ant\u00e9rieures \u00e0 2.2.1",
      "product": {
        "name": "QuMagie",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-41288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41288"
    },
    {
      "name": "CVE-2022-43634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43634"
    },
    {
      "name": "CVE-2023-45041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45041"
    },
    {
      "name": "CVE-2023-47560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47560"
    },
    {
      "name": "CVE-2023-45039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45039"
    },
    {
      "name": "CVE-2023-45043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45043"
    },
    {
      "name": "CVE-2023-47559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47559"
    },
    {
      "name": "CVE-2023-41287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41287"
    },
    {
      "name": "CVE-2023-39296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39296"
    },
    {
      "name": "CVE-2023-45044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45044"
    },
    {
      "name": "CVE-2023-39294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39294"
    },
    {
      "name": "CVE-2023-45042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45042"
    },
    {
      "name": "CVE-2023-47219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47219"
    },
    {
      "name": "CVE-2023-41289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41289"
    },
    {
      "name": "CVE-2023-45040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45040"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0011",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-32 du 06 janvier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-32"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-23 du 06 janvier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-23"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-54 du 06 janvier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-54"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-34 du 06 janvier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-34"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-27 du 06 janvier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-27"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-22 du 06 janvier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-22"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-64 du 06 janvier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-64"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-23-55 du 06 janvier 2024",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-55"
    }
  ]
}

CERTFR-2023-AVI-1011

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause a security problem not specified by the vendor, arbitrary code execution, and remote indirect code injection (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap QuTS hero Qnap QuTS hero h5.0.x versions prior to h5.0.1.2515 build 20230907
Qnap QTS Qnap QTS 5.0.x versions prior to 5.0.1.2514 build 20230906
Qnap QTS Qnap QTS 4.5.x versions prior to 4.5.4.2467 build 20230718
Qnap QTS Qnap QTS 5.1.x versions prior to 5.1.3.2578 build 20231110
Qnap QVR Qnap QVR Firmware 4.x versions prior to 5.x
Qnap QuTS hero Qnap QuTS hero h5.1.x versions prior to h5.1.3.2578 build 20231110
Qnap QuTS hero Qnap QuTS hero h4.5.x versions prior to h4.5.4.2476 build 20230728


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Qnap QuTS hero h5.0.x versions ant\u00e9rieures \u00e0 h5.0.1.2515 build 20230907",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap QTS 5.0.x versions ant\u00e9rieures \u00e0 5.0.1.2514 build 20230906",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap QTS 4.5.x versions ant\u00e9rieures \u00e0 4.5.4.2467 build 20230718",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap QTS 5.1.x versions ant\u00e9rieures \u00e0 5.1.3.2578 build 20231110",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap QVR Firmware 4.x versions ant\u00e9rieures \u00e0 5.x",
      "product": {
        "name": "QVR",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap QuTS hero h5.1.x versions ant\u00e9rieures \u00e0 h5.1.3.2578 build 20231110",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap QuTS hero h4.5.x versions ant\u00e9rieures \u00e0 h4.5.4.2476 build 20230728",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-4091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
    },
    {
      "name": "CVE-2023-42669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
    },
    {
      "name": "CVE-2023-42670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42670"
    },
    {
      "name": "CVE-2023-4154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4154"
    },
    {
      "name": "CVE-2023-23372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23372"
    },
    {
      "name": "CVE-2023-3961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3961"
    },
    {
      "name": "CVE-2023-32975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32975"
    },
    {
      "name": "CVE-2023-32968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32968"
    },
    {
      "name": "CVE-2023-47565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47565"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-1011",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire et une injection de code indirecte \u00e0\ndistance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-07 du 09 d\u00e9cembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-40 du 09 d\u00e9cembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-40"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-48 du 09 d\u00e9cembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-48"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-20 du 09 d\u00e9cembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-20"
    }
  ]
}

CERTFR-2023-AVI-0931

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap QuMagie Qnap QuMagie versions 2.1.x prior to 2.1.4
Qnap QTS Qnap QTS versions 5.0.x prior to 5.0.1.2376 build 20230421
Qnap N/A QNap QuTScloud versions c5.x prior to c5.1.0.2498
Qnap QuTS hero Qnap QuTS hero versions h5.0.x prior to h5.0.1.2376 build 20230421

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Qnap QuMagie versions 2.1.x ant\u00e9rieures \u00e0 2.1.4",
      "product": {
        "name": "QuMagie",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap QTS versions 5.0.x ant\u00e9rieures \u00e0 5.0.1.2376 build 20230421",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNap QuTScloud versions c5.x ant\u00e9rieures \u00e0 c5.1.0.2498",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qnap QuTS hero versions h5.0.x ant\u00e9rieures \u00e0 h5.0.1.2376 build 20230421",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-23367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23367"
    },
    {
      "name": "CVE-2023-39295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39295"
    },
    {
      "name": "CVE-2023-41284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41284"
    },
    {
      "name": "CVE-2023-41285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41285"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0931",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-24 du 11 novembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-24"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-50 du 11 novembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-50"
    }
  ]
}

CERTFR-2023-AVI-0915

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Qnap Music Station QNAP Music Station versions 5.1.x prior to 5.1.16
Qnap QuTS hero QNAP QuTS hero versions h4.5.x prior to h4.5.4.2374 build 20230417
Qnap QTS QNAP QTS versions 5.0.x prior to 5.0.1.2514 build 20230906
Qnap QTS QNAP QTS versions 4.2.x prior to 4.2.6 build 20230621
Qnap QTS QNAP QTS versions 4.3.3.x prior to 4.3.3.2420 build 20230621
Qnap QTS QNAP QTS versions 4.5.x prior to 4.5.4.2374 build 20230416
Qnap N/A QNAP QuTScloud versions c5.x prior to c5.1.0.2498
Qnap N/A QNAP Media Streaming add-on versions 500.0.x prior to 500.0.0.11
Qnap N/A QNAP Multimedia Console versions 2.1.x prior to 2.1.2
Qnap N/A QNAP Media Streaming add-on versions 500.1.x prior to 500.1.1.2
Qnap Music Station QNAP Music Station versions 5.3.x prior to 5.3.23
Qnap N/A QNAP Multimedia Console versions 1.4.x prior to 1.4.8
Qnap QuTS hero QNAP QuTS hero versions h5.0.x prior to h5.0.1.2515 build 20230907
Qnap QTS QNAP QTS versions 5.1.x prior to 5.1.1.2491 build 20230815
Qnap Music Station QNAP Music Station versions 4.8.x prior to 4.8.11
Qnap QuTS hero QNAP QuTS hero versions h5.1.x prior to h5.1.1.2488 build 20230812
Qnap QTS QNAP QTS versions 4.3.6.x prior to 4.3.6.2441 build 20230621
Qnap QTS QNAP QTS versions 4.3.4.x prior to 4.3.4.2451 build 20230621


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QNAP Music Station versions 5.1.x ant\u00e9rieures \u00e0 5.1.16",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2374 build 20230417",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 5.0.x ant\u00e9rieures \u00e0 5.0.1.2514 build 20230906",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 4.2.x ant\u00e9rieures \u00e0 4.2.6 build 20230621",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 4.3.3.x ant\u00e9rieures \u00e0 4.3.3.2420 build 20230621",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2374 build 20230416",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QuTScloud versions c5.x ant\u00e9rieures \u00e0 c5.1.0.2498",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Media Streaming add-on versions 500.0.x ant\u00e9rieures \u00e0 500.0.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Multimedia Console versions 2.1.x ant\u00e9rieures \u00e0 2.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Media Streaming add-on versions 500.1.x ant\u00e9rieures \u00e0 500.1.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Music Station versions 5.3.x ant\u00e9rieures \u00e0 5.3.23",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Multimedia Console versions 1.4.x ant\u00e9rieures \u00e0 1.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QuTS hero versions h5.0.x ant\u00e9rieures \u00e0 h5.0.1.2515 build 20230907",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.1.2491 build 20230815",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP Music Station versions 4.8.x ant\u00e9rieures \u00e0 4.8.11",
      "product": {
        "name": "Music Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.1.2488 build 20230812",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 4.3.6.x ant\u00e9rieures \u00e0 4.3.6.2441 build 20230621",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QNAP QTS versions 4.3.4.x ant\u00e9rieures \u00e0 4.3.4.2451 build 20230621",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-39299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39299"
    },
    {
      "name": "CVE-2023-39301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39301"
    },
    {
      "name": "CVE-2023-23368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23368"
    },
    {
      "name": "CVE-2023-23369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23369"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0915",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-31 du 04 novembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-31"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-61 du 04 novembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-61"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-51 du 04 novembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-51"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-35 du 04 novembre 2023",
      "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-35"
    }
  ]
}