Skip to content
This repository was archived by the owner on Jun 10, 2025. It is now read-only.

QSA-23-04 #9232

Open
stanleyshuang wants to merge 1 commit into
base: master
Choose a base branch
from
Open

QSA-23-04 #9232

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 87 additions & 6 deletions 2022/27xxx/CVE-2022-27595.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,99 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2023-07-28T05:45:00.000Z",
"ID": "CVE-2022-27595",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "QVPN Device Client"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QVPN Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.0.0.1316"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Runzi Zhao, Security Researcher, QI-ANXIN"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An uncontrolled search path element vulnerability has been reported to affect product. If exploited, the vulnerability allows local authenticated users to execute arbitrary code through insecure library loading. The vulnerability affects the following product:\nQVPN Device Client\n\nWe have already fixed the vulnerability in the following versions:\nQVPN Windows 2.0.0.1316 and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-23-04"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed the vulnerability in the following versions:\nQVPN Windows 2.0.0.1316 and later\n"
}
],
"source": {
"advisory": "QSA-23-04",
"discovery": "EXTERNAL"
}
}
133 changes: 127 additions & 6 deletions 2022/27xxx/CVE-2022-27600.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,139 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"ID": "CVE-2022-27600",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.0.1.2277 build 20230112"
},
{
"version_affected": "<",
"version_value": "4.5.4.2280 build 20230112"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "h5.0.1.2277 build 20230112"
},
{
"version_affected": "<",
"version_value": "h4.5.4.2374 build 20230417"
}
]
}
},
{
"product_name": "QuTScloud",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "c5.0.1.2374"
}
]
}
},
{
"product_name": "QVR Pro Appliance",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.3.1.0476"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "huasheng_mangguo"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An uncontrolled resource consumption vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote users to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 build 20230112 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later\nQVR Pro Appliance 2.3.1.0476 and later\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/qsa-23-09"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later\nQVR Pro Appliance 2.3.1.0476 and later\n"
}
],
"source": {
"advisory": "QSA-23-09",
"discovery": "EXTERNAL"
}
}