What are you looking for ?
Advertise with us
Advertise with us

Qnap Six Security Advisories on Resolved Vulnerabilities

In Netatalk, QuMagie, QTS and QuTS hero NAS OSs, QcalAgent, and Video Station

Qnap Systems, Inc. had published security enhancement against security vulnerabilities that could affect specific versions of its products.

Use the following information and solutions to correct the security issues and vulnerabilities.

This advisory includes the following:

 

Vulnerability in Netatalk  
Security ID: QSA-23-22
Release date: January 6, 2024
CVE identifier: CVE-2022-43634
Severity: High
Status: Resolved
Affected products: QTS 5.1.x, QuTS hero h5.1.x

Summary
A vulnerability has been reported in Netatalk which affects certain Qnap OSs versions.

The company have already fixed vulnerability in following versions:

Affected product

Fixed version

QTS 5.1.x

QTS 5.1.3.2578 build 20231110 and later

QuTS hero h5.1.x

QuTS hero h5.1.3.2578 build 20231110 and later

Learn more

Multiple Vulnerabilities in QuMagie    
Security ID: QSA-23-23
Release date: January 6, 2024
CVE identifier: CVE-2023-47559 | CVE-2023-47560
Severity: High
Status: Resolved
Affected products: QuMagie 2.2.x

Summary:

Two vulnerabilities have been reported to affect QuMagie:

  • CVE-2023-47559: If exploited, the cross-site scripting (XSS) vulnerability could allow authenticated users to inject malicious code via a network.

  • CVE-2023-47560: If exploited, the OS command injection vulnerability could allow authenticated users to execute commands via a network.

The company have already fixed vulnerabilities in following version:

Affected product

Fixed version

QuMagie 2.2.x

QuMagie 2.2.1 and later

Learn more

Multiple Vulnerabilities in QTS and QuTS hero    
Security ID: QSA-23-27
Release date: January 6, 2024
CVE identifier: CVE-2023-45039 | CVE-2023-45040 | CVE-2023-45041 | CVE-2023-45042 | CVE-2023-45043 | CVE-2023-45044
Severity: Low
Status: Resolved
Affected products: QTS 5.1.x, QuTS hero h5.1.x

Summary:
Multiple buffer copy without checking size of input vulnerabilities have been reported to affect certain Qnap OSs versions. If exploited, the vulnerabilities could allow authenticated administrators to execute code via a network.

The company have already fixed vulnerabilities in following versions:

Affected product

Fixed version

QTS 5.1.x

QTS 5.1.4.2596 build 20231128 and later

QuTS hero h5.1.x

QuTS hero h5.1.4.2596 build 20231128 and later

 Learn more

Vulnerability in QuMagie    
Security ID: QSA-23-32
Release date: January 6, 2024
CVE identifier: CVE-2023-47219
Severity: Low
Status: Resolved
Affected products: QuMagie 2.2.x

Summary :
An SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.

The company have already fixed vulnerability in following version:

Affected product

Fixed version

QuMagie 2.2.x

QuMagie 2.2.1 and later

 Learn more

Vulnerability in QcalAgent    
Security ID: QSA-23-34
Release date: January 6, 2024
CVE identifier: CVE-2023-41289
Severity: Medium
Status: Resolved
Affected products: QcalAgent 1.1.x

Summary:
An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network.

The company have already fixed vulnerability in following version:

Affected product

Fixed version

QcalAgent 1.1.x

QcalAgent 1.1.8 and later

 Learn more

Vulnerability in QTS and QuTS hero     
Security ID: QSA-23-54
Release date: January 6, 2024
CVE identifier: CVE-2023-39294
Severity: Medium
Status: Resolved
Affected products: QTS 5.1.x, QuTS hero h5.1.x

Summary:
An OS command injection vulnerability has been reported to affect certain Qnap
OSs versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

The company have already fixed vulnerability in following version:

Affected product

Fixed version

QTS 5.1.x

QTS 5.1.3.2578 build 20231110 and later

QuTS hero h5.1.x

QuTS hero h5.1.3.2578 build 20231110 and later

 Learn more

Multiple Vulnerabilities in Video Station    
Security ID: QSA-23-55
Release date: January 6, 2024
CVE identifier: CVE-2023-41287 | CVE-2023-41288
Severity: High
Status: Resolved
Affected products: Video Station 5.7.x

Summary:
Multiple vulnerabilities have been reported to affect Video Station:

  • CVE-2023-41287: If exploited, the SQL injection vulnerability could allow users to inject malicious code via a network.

  • CVE-2023-41288: If exploited, the OS command injection vulnerability could allow users to execute commands via a network.

The company have already fixed vulnerability in following version:

Affected product

Fixed version

Video Station 5.7.x

Video Station 5.7.2 (2023/11/23) and later

 Learn more

 

Vulnerability in QTS and QuTS hero    
Security ID: QSA-23-64
Release date: January 6, 2024
CVE identifier: CVE-2023-39296
Severity: High
Status: Resolved
Affected products: QTS 5.1.x, QuTS hero h5.1.x

Summary:
A prototype pollution vulnerability has been reported to affect certain Qnap
OSs versions. If exploited, the vulnerability could allow remote users to override existing attributes with ones that have an incompatible type, which may cause the system to crash.

The company have already fixed vulnerability in following version:

Affected product

Fixed version

QTS 5.1.x

QTS 5.1.3.2578 build 20231110 and later

QuTS hero h5.1.x

QuTS hero h5.1.3.2578 build 20231110 and later

 Learn more

Contact: questions regarding this issue

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E