Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for QuLog Center by Qnap

    CERTFR-2025-AVI-0981

    Vulnerability from certfr_avis - Published: 2025-11-10 - Updated: 2025-11-10

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une injection SQL (SQLi).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Qnap N/A QuMagie versions 2.6.x et 2.7.x antérieures à 2.7.3
    Qnap Hybrid Backup Sync HBS 3 Hybrid Backup Sync versions 26.x antérieures à 26.2.0.938
    Qnap N/A Notification Center versions 1.9.x pour QTS 5.2.x et QuTS hero h5.2.x antérieures à 1.9.2.3163
    Qnap N/A Hyper Data Protector versions 2.2.x antérieures à 2.2.4.1
    Qnap N/A Notification Center versions 3.0.x pour QuTS hero h5.6.x et QuTS hero h6.0.x antérieures à 3.0.0.3466
    Qnap N/A Malware Remover versions 6.6.x antérieures à 6.6.8.20251023
    Qnap N/A Download Station versions 5.10.x pour QTS 5.2.1 antérieures à 5.10.0.305 ( 2025/09/16 )
    Qnap QuTS hero QuTS hero versions h5.3.x antérieures à h5.3.1.3292 build 20251024
    Qnap QuLog Center QuLog Center versions 1.8.x antérieures à 1.8.2.923 ( 2025/08/27 )
    Qnap N/A Download Station versions 5.10.x pour QuTS hero h5.2.1 antérieures à 5.10.0.304 ( 2025/09/08 )
    Qnap QTS QTS versions 5.2.x antérieures à QTS 5.2.7.3297 build 20251024
    Qnap QuTS hero QuTS hero versions h5.2.x antérieures à h5.2.7.3297 build 20251024
    Qnap File Station File Station 5 versions 5.5.x antérieures à 5.5.6.5018
    Qnap N/A Qsync Central versions 5.0.x antérieures à 5.0.0.3 ( 2025/08/28 )
    Qnap N/A Notification Center versions 2.1.x pour QuTS hero h5.3.x antérieures à 2.1.0.3443
    References
    Bulletin de sécurité Qnap QSA-25-37 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-45 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-48 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-40 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-43 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-38 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-41 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-47 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-33 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-42 2025-11-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-46 2025-11-08 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "QuMagie versions 2.6.x et 2.7.x ant\u00e9rieures \u00e0 2.7.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "HBS 3 Hybrid Backup Sync versions 26.x ant\u00e9rieures \u00e0 26.2.0.938",
          "product": {
            "name": "Hybrid Backup Sync",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Notification Center versions 1.9.x pour QTS 5.2.x et QuTS hero h5.2.x ant\u00e9rieures \u00e0 1.9.2.3163",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Hyper Data Protector versions 2.2.x ant\u00e9rieures \u00e0 2.2.4.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Notification Center versions 3.0.x pour QuTS hero h5.6.x et QuTS hero h6.0.x ant\u00e9rieures \u00e0 3.0.0.3466",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Malware Remover versions 6.6.x ant\u00e9rieures \u00e0 6.6.8.20251023",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Download Station versions 5.10.x pour QTS 5.2.1  ant\u00e9rieures \u00e0 5.10.0.305 ( 2025/09/16 )",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h5.3.x ant\u00e9rieures \u00e0 h5.3.1.3292 build 20251024",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions 1.8.x ant\u00e9rieures \u00e0 1.8.2.923 ( 2025/08/27 )",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Download Station versions 5.10.x  pour QuTS hero h5.2.1 ant\u00e9rieures \u00e0 5.10.0.304 ( 2025/09/08 )",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 QTS 5.2.7.3297 build 20251024",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.7.3297 build 20251024",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "File Station 5 versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.5018",
          "product": {
            "name": "File Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Qsync Central versions 5.0.x ant\u00e9rieures \u00e0 5.0.0.3 ( 2025/08/28 )",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Notification Center versions 2.1.x pour QuTS hero h5.3.x ant\u00e9rieures \u00e0 2.1.0.3443",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-57712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-57712"
        },
        {
          "name": "CVE-2025-47207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47207"
        },
        {
          "name": "CVE-2025-53413",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53413"
        },
        {
          "name": "CVE-2025-53411",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53411"
        },
        {
          "name": "CVE-2025-58469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58469"
        },
        {
          "name": "CVE-2025-62849",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62849"
        },
        {
          "name": "CVE-2025-54167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54167"
        },
        {
          "name": "CVE-2025-62842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62842"
        },
        {
          "name": "CVE-2025-59389",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59389"
        },
        {
          "name": "CVE-2025-57706",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-57706"
        },
        {
          "name": "CVE-2025-58463",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58463"
        },
        {
          "name": "CVE-2025-53409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53409"
        },
        {
          "name": "CVE-2025-53408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53408"
        },
        {
          "name": "CVE-2025-53412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53412"
        },
        {
          "name": "CVE-2025-58465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58465"
        },
        {
          "name": "CVE-2025-54168",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54168"
        },
        {
          "name": "CVE-2025-52865",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52865"
        },
        {
          "name": "CVE-2025-53410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-53410"
        },
        {
          "name": "CVE-2025-52425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-52425"
        },
        {
          "name": "CVE-2025-58464",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58464"
        },
        {
          "name": "CVE-2025-62847",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62847"
        },
        {
          "name": "CVE-2025-11837",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11837"
        },
        {
          "name": "CVE-2025-62848",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62848"
        },
        {
          "name": "CVE-2025-62840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-62840"
        }
      ],
      "initial_release_date": "2025-11-10T00:00:00",
      "last_revision_date": "2025-11-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0981",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-11-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        },
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Injection SQL (SQLi)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une injection SQL (SQLi).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-37",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-37"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-45",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-45"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-48",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-48"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-40",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-40"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-43",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-43"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-38",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-38"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-41",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-41"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-47",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-47"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-33",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-33"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-42",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-42"
        },
        {
          "published_at": "2025-11-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-46",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-46"
        }
      ]
    }

    CERTFR-2025-AVI-0188

    Vulnerability from certfr_avis - Published: 2025-03-10 - Updated: 2025-03-10

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Qnap HBS 3 Hybrid Backup Sync HBS 3 Hybrid Backup Sync versions 25.1.x antérieures à 25.1.4.952
    Qnap QuTS hero QuTS hero versions h5.1.x antérieures à h5.1.9.2954 build 20241120
    Qnap QuLog Center QuLog Center versions 1.8.x antérieures à 1.8.0.888
    Qnap File Station File Station versions 5.5.x antérieures à 5.5.6.4741
    Qnap QTS QTS versions 5.1.x antérieures à 5.1.9.2954 build 20241120
    Qnap Helpdesk Helpdesk versions 3.3.x antérieurs à 3.3.3
    Qnap QuRouter QuRouter versions 2.4.x antérieures à 2.4.6.028
    Qnap QVPN QVPN Device Client versions 2.2.x antérieures à 2.2.5 pour Mac
    Qnap QTS QTS versions 5.2.x antérieures à 5.2.3.3006 build 20250108
    Qnap QTS QTS versions 4.5.x antérieures à 4.5.4.2957 build 20241119
    Qnap QuTS hero QuTS hero versions h4.5.x antérieures à h4.5.4.2956 build 20241119
    Qnap QuLog Center QuLog Center versions 1.7.x antérieures à 1.7.0.829
    Qnap Qsync Qsync Client versions 5.1.x antérieures à 5.1.3 pour Mac
    Qnap QuTS hero QuTS hero versions h5.2.x antérieures à h5.2.3.3006 build 20250108
    Qnap Qfinder Qfinder Pro Mac versions 7.11.x antérieures à 7.11.1
    References
    Bulletin de sécurité Qnap QSA-25-03 2025-03-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-55 2025-03-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-52 2025-03-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-06 2025-03-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-53 2025-03-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-07 2025-03-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-05 2025-03-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-25-01 2025-03-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-54 2025-03-08 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-51 2025-03-08 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "HBS 3 Hybrid Backup Sync versions 25.1.x ant\u00e9rieures \u00e0 25.1.4.952",
          "product": {
            "name": "HBS 3 Hybrid Backup Sync",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.9.2954 build 20241120",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions 1.8.x ant\u00e9rieures \u00e0 1.8.0.888",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "File Station versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.4741",
          "product": {
            "name": "File Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.9.2954 build 20241120",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Helpdesk versions 3.3.x ant\u00e9rieurs \u00e0 3.3.3",
          "product": {
            "name": "Helpdesk",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuRouter versions 2.4.x ant\u00e9rieures \u00e0 2.4.6.028",
          "product": {
            "name": "QuRouter",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QVPN Device Client versions 2.2.x ant\u00e9rieures \u00e0 2.2.5 pour Mac",
          "product": {
            "name": "QVPN",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 5.2.3.3006 build 20250108",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2957 build 20241119",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2956 build 20241119",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions 1.7.x ant\u00e9rieures \u00e0 1.7.0.829",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Qsync Client versions 5.1.x ant\u00e9rieures \u00e0 5.1.3 pour Mac",
          "product": {
            "name": "Qsync",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.3.3006 build 20250108",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Qfinder Pro Mac versions 7.11.x ant\u00e9rieures \u00e0 7.11.1",
          "product": {
            "name": "Qfinder",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-53695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53695"
        },
        {
          "name": "CVE-2024-50390",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50390"
        },
        {
          "name": "CVE-2024-53700",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53700"
        },
        {
          "name": "CVE-2024-53696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53696"
        },
        {
          "name": "CVE-2024-53698",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53698"
        },
        {
          "name": "CVE-2024-53693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53693"
        },
        {
          "name": "CVE-2024-53694",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53694"
        },
        {
          "name": "CVE-2024-53697",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53697"
        },
        {
          "name": "CVE-2024-48864",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48864"
        },
        {
          "name": "CVE-2024-50394",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50394"
        },
        {
          "name": "CVE-2024-13086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-13086"
        },
        {
          "name": "CVE-2024-53699",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53699"
        },
        {
          "name": "CVE-2024-53692",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53692"
        },
        {
          "name": "CVE-2024-50405",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50405"
        },
        {
          "name": "CVE-2024-38638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38638"
        }
      ],
      "initial_release_date": "2025-03-10T00:00:00",
      "last_revision_date": "2025-03-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0188",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-03-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": "2025-03-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-03",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-03"
        },
        {
          "published_at": "2025-03-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-55",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-55"
        },
        {
          "published_at": "2025-03-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-52",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-52"
        },
        {
          "published_at": "2025-03-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-06",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-06"
        },
        {
          "published_at": "2025-03-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-53",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-53"
        },
        {
          "published_at": "2025-03-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-07",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-07"
        },
        {
          "published_at": "2025-03-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-05",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-05"
        },
        {
          "published_at": "2025-03-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-01",
          "url": "https://www.qnap.com/go/security-advisory/qsa-25-01"
        },
        {
          "published_at": "2025-03-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-54",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-54"
        },
        {
          "published_at": "2025-03-08",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-51",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-51"
        }
      ]
    }

    CERTFR-2024-AVI-1018

    Vulnerability from certfr_avis - Published: 2024-11-25 - Updated: 2024-11-25

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Qnap N/A Photo Station versions 6.4.x antérieures à 6.4.3
    Qnap QuRouter QuRouter versions 2.4.x antérieures à 2.4.4.106
    Qnap QuLog Center QuLog Center versions 1.8.x antérieures à 1.8.0.888
    Qnap QuRouter QuRouter versions 2.4.x antérieures à 2.4.3.103
    Qnap QuTS hero QuTS hero versions h5.2.x antérieures à h5.2.1.2929 build 20241025
    Qnap N/A Notes Station 3 versions 3.9.x antérieures à 3.9.7
    Qnap QuTS hero QuTS hero versions h5.1.x antérieures à h5.1.8.2823 build 20240712
    Qnap QTS QTS versions 5.1.x antérieures à 5.1.8.2823 build 20240712
    Qnap N/A Media Streaming add-on versions 500.1.x antérieures à 500.1.1.6
    Qnap QTS QTS versions 5.2.x antérieures à 5.2.1.2930 build 20241025
    Qnap N/A QNAP AI Core versions 3.4.x antérieures à 3.4.1
    Qnap QuLog Center QuLog Center versions 1.7.x antérieures à 1.7.0.831
    References
    Bulletin de sécurité Qnap QSA-24-44 2024-11-23 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-36 2024-11-23 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-37 2024-11-23 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-39 2024-11-23 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-47 2024-11-23 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-40 2024-11-23 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-46 2024-11-23 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-43 2024-11-23 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Photo Station versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuRouter versions 2.4.x ant\u00e9rieures \u00e0 2.4.4.106",
          "product": {
            "name": "QuRouter",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions 1.8.x ant\u00e9rieures \u00e0 1.8.0.888",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuRouter versions 2.4.x ant\u00e9rieures \u00e0 2.4.3.103",
          "product": {
            "name": "QuRouter",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.1.2929 build 20241025",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Notes Station 3 versions 3.9.x ant\u00e9rieures \u00e0 3.9.7",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.8.2823 build 20240712",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.8.2823 build 20240712",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Media Streaming add-on versions 500.1.x ant\u00e9rieures \u00e0 500.1.1.6",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 5.2.1.2930 build 20241025",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QNAP AI Core versions 3.4.x ant\u00e9rieures \u00e0 3.4.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions 1.7.x ant\u00e9rieures \u00e0 1.7.0.831 ",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2024-50397",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50397"
        },
        {
          "name": "CVE-2024-37050",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37050"
        },
        {
          "name": "CVE-2024-38643",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38643"
        },
        {
          "name": "CVE-2024-50398",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50398"
        },
        {
          "name": "CVE-2024-37042",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37042"
        },
        {
          "name": "CVE-2024-32768",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32768"
        },
        {
          "name": "CVE-2024-48860",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48860"
        },
        {
          "name": "CVE-2024-50399",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50399"
        },
        {
          "name": "CVE-2024-48861",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48861"
        },
        {
          "name": "CVE-2024-48862",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48862"
        },
        {
          "name": "CVE-2024-32770",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32770"
        },
        {
          "name": "CVE-2024-37049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37049"
        },
        {
          "name": "CVE-2024-38644",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38644"
        },
        {
          "name": "CVE-2024-37041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37041"
        },
        {
          "name": "CVE-2024-37048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37048"
        },
        {
          "name": "CVE-2024-50396",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50396"
        },
        {
          "name": "CVE-2024-32767",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32767"
        },
        {
          "name": "CVE-2024-37045",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37045"
        },
        {
          "name": "CVE-2024-38647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38647"
        },
        {
          "name": "CVE-2024-37046",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37046"
        },
        {
          "name": "CVE-2024-37047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37047"
        },
        {
          "name": "CVE-2023-38408",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
        },
        {
          "name": "CVE-2024-32769",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32769"
        },
        {
          "name": "CVE-2024-50400",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50400"
        },
        {
          "name": "CVE-2020-14145",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
        },
        {
          "name": "CVE-2024-38645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38645"
        },
        {
          "name": "CVE-2024-50395",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50395"
        },
        {
          "name": "CVE-2024-37043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37043"
        },
        {
          "name": "CVE-2021-41617",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
        },
        {
          "name": "CVE-2024-38646",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38646"
        },
        {
          "name": "CVE-2024-37044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37044"
        },
        {
          "name": "CVE-2024-50401",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-50401"
        }
      ],
      "initial_release_date": "2024-11-25T00:00:00",
      "last_revision_date": "2024-11-25T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-1018",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-11-25T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": "2024-11-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-44",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-44"
        },
        {
          "published_at": "2024-11-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-36",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-36"
        },
        {
          "published_at": "2024-11-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-37",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-37"
        },
        {
          "published_at": "2024-11-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-39",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-39"
        },
        {
          "published_at": "2024-11-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-47",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-47"
        },
        {
          "published_at": "2024-11-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-40",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-40"
        },
        {
          "published_at": "2024-11-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-46",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-46"
        },
        {
          "published_at": "2024-11-23",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-43",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-43"
        }
      ]
    }

    CERTFR-2024-AVI-0752

    Vulnerability from certfr_avis - Published: 2024-09-09 - Updated: 2025-01-21

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

    Solutions

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    Impacted products
    Vendor Product Description
    Qnap QuTS hero QuTS hero versions h4.5.x antérieures à h4.5.4.2790 build 20240606
    Qnap QTS QTS versions 4.3.4 antérieures à 4.3.4.2814 build 20240618
    Qnap Download Station Download Station versions 5.8.x antérieures à 5.8.6.283
    Qnap QTS QTS versions 4.3.3 antérieures à 4.3.3.2784 build 20240619
    Qnap QuMagie QuMagie versions 2.3.x antérieures à 2.3.1
    Qnap QTS QTS versions 4.2.6 antérieures à 4.2.6 build 20240618
    Qnap QTS QTS versions 4.3.6 antérieures à 4.3.6.2805 build 20240619
    Qnap Helpdesk Helpdesk versions 3.3.x antérieures à 3.3.1
    Qnap Notes Station Notes Station 3 versions 3.9.x antérieures à 3.9.6
    Qnap QTS QTS versions 5.1.x antérieures à 5.2.0.2782 build 20240601
    Qnap QuTS hero QuTS hero versions h4.5.x antérieures à h4.5.4.2626 build 20231225
    Qnap QuTS hero QuTS hero versions h5.1.x antérieures à h5.2.0.2782 build 20240601
    Qnap Music Station Music Station versions 5.4.x antérieures à 5.4.0
    Qnap Video Station Video Station versions 5.8.x antérieures à 5.8.2
    Qnap QTS QTS versions 4.5.x antérieures à 4.5.4.2790 build 20240605
    Qnap QuLog Center QuLog Center versions 1.7.x.x antérieures à 1.7.0.827
    Qnap QuLog Center QuLog Center versions 1.8.x.x antérieures à 1.8.0.872
    Qnap QVR QVR Smart Client versions 2.4.x.x antérieures à 2.4.0.0570
    References
    Bulletin de sécurité Qnap QSA-24-24 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-26 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-34 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-30 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-21 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-27 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-29 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-28 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-32 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-25 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-33 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-22 2024-09-07 vendor-advisory
    Bulletin de sécurité Qnap QSA-24-35 2024-09-07 vendor-advisory

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2790 build 20240606",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.3.4 ant\u00e9rieures \u00e0 4.3.4.2814 build 20240618",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Download Station versions 5.8.x ant\u00e9rieures \u00e0 5.8.6.283",
          "product": {
            "name": "Download Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.3.3 ant\u00e9rieures \u00e0 4.3.3.2784 build 20240619",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuMagie versions 2.3.x ant\u00e9rieures \u00e0 2.3.1",
          "product": {
            "name": "QuMagie",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.2.6 ant\u00e9rieures \u00e0 4.2.6 build 20240618",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.3.6 ant\u00e9rieures \u00e0 4.3.6.2805 build 20240619",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Helpdesk versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
          "product": {
            "name": "Helpdesk",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Notes Station 3 versions 3.9.x ant\u00e9rieures \u00e0 3.9.6",
          "product": {
            "name": "Notes Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.2.0.2782 build 20240601",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2626 build 20231225",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.2.0.2782 build 20240601",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Music Station versions 5.4.x ant\u00e9rieures \u00e0 5.4.0",
          "product": {
            "name": "Music Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Video Station versions 5.8.x ant\u00e9rieures \u00e0 5.8.2",
          "product": {
            "name": "Video Station",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2790 build 20240605",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions 1.7.x.x ant\u00e9rieures \u00e0 1.7.0.827",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions 1.8.x.x ant\u00e9rieures \u00e0 1.8.0.872",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QVR Smart Client versions 2.4.x.x ant\u00e9rieures \u00e0 2.4.0.0570",
          "product": {
            "name": "QVR",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2022-27592",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27592"
        },
        {
          "name": "CVE-2023-50360",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-50360"
        },
        {
          "name": "CVE-2024-32762",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32762"
        },
        {
          "name": "CVE-2024-21906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21906"
        },
        {
          "name": "CVE-2024-38640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38640"
        },
        {
          "name": "CVE-2024-53691",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-53691"
        },
        {
          "name": "CVE-2023-34974",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34974"
        },
        {
          "name": "CVE-2024-27125",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27125"
        },
        {
          "name": "CVE-2024-32763",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32763"
        },
        {
          "name": "CVE-2024-27126",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27126"
        },
        {
          "name": "CVE-2023-47563",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-47563"
        },
        {
          "name": "CVE-2024-38641",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38641"
        },
        {
          "name": "CVE-2024-38642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-38642"
        },
        {
          "name": "CVE-2023-34979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34979"
        },
        {
          "name": "CVE-2023-39298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39298"
        },
        {
          "name": "CVE-2023-39300",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39300"
        },
        {
          "name": "CVE-2023-45038",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-45038"
        },
        {
          "name": "CVE-2024-32771",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-32771"
        },
        {
          "name": "CVE-2023-38545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
        },
        {
          "name": "CVE-2024-27122",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-27122"
        }
      ],
      "initial_release_date": "2024-09-09T00:00:00",
      "last_revision_date": "2025-01-21T00:00:00",
      "links": [],
      "reference": "CERTFR-2024-AVI-0752",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-09-09T00:00:00.000000"
        },
        {
          "description": "Ajout de l\u0027identifiant CVE-2024-53691.",
          "revision_date": "2025-01-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-24",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-24"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-26",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-26"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-34",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-34"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-30",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-30"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-21",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-21"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-27",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-27"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-29",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-29"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-28",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-28"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-32",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-32"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-25",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-25"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-33",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-33"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-22",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-22"
        },
        {
          "published_at": "2024-09-07",
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-24-35",
          "url": "https://www.qnap.com/go/security-advisory/qsa-24-35"
        }
      ]
    }

    CERTFR-2023-AVI-0721

    Vulnerability from certfr_avis - Published: 2023-09-08 - Updated: 2023-09-08

    De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS), une atteinte à la confidentialité des données et une exécution de code arbitraire.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Qnap QuLog Center QuLog Center pour QuTscloud c5.0.1 versions 1.4.x antérieures à 1.4.1.691
    Qnap N/A QuFirewall versions 2.3.x antérieures à 2.3.3
    Qnap N/A QuLog Center pour QTS 4.5.4 versions 1.3.x antérieures à 1.3.1.645
    Qnap QVR QVR Pro Client versions 2.3.x antérieures à 2.3.0.0420
    Qnap N/A QuLog Center pour QTS 5.0.1 versions 1.5.x antérieures à 1.5.0.738
    Qnap N/A QuLog Center pour QuTS hero h4.5.4 versions 1.3.x antérieures à 1.3.1.645
    Qnap N/A QuLog Center pour QuTS hero h5.0.1 versions 1.5.x antérieures à 1.5.0.738

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "QuLog Center pour QuTscloud c5.0.1 versions 1.4.x ant\u00e9rieures \u00e0 1.4.1.691",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuFirewall versions 2.3.x ant\u00e9rieures \u00e0 2.3.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center pour QTS 4.5.4 versions 1.3.x ant\u00e9rieures \u00e0 1.3.1.645",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QVR Pro Client versions 2.3.x ant\u00e9rieures \u00e0 2.3.0.0420",
          "product": {
            "name": "QVR",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center pour QTS 5.0.1 versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.738",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center pour QuTS hero h4.5.4 versions 1.3.x ant\u00e9rieures \u00e0 1.3.1.645",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center pour QuTS hero h5.0.1 versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.738",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-23356",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23356"
        },
        {
          "name": "CVE-2023-23354",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23354"
        },
        {
          "name": "CVE-2023-23357",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23357"
        },
        {
          "name": "CVE-2022-27599",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27599"
        }
      ],
      "initial_release_date": "2023-09-08T00:00:00",
      "last_revision_date": "2023-09-08T00:00:00",
      "links": [],
      "reference": "CERTFR-2023-AVI-0721",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-09-08T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS), une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\nex\u00e9cution de code arbitraire.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-13 du 08 septembre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-13"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-08 du 08 septembre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-08"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-14 du 08 septembre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-14"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-23-16 du 08 septembre 2023",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-23-16"
        }
      ]
    }

    CERTFR-2021-AVI-497

    Vulnerability from certfr_avis - Published: 2021-07-01 - Updated: 2021-07-01

    De multiples vulnérabilités ont été découvertes dans les produits QNAP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Qnap QTS QTS versions 4.5.3.x antérieures à 4.5.3.1652 build 20210428
    Qnap QuTS hero QuTS hero versions antérieures à h4.5.1.1582 build 20210217
    Qnap QTS QTS versions 4.5.2.x antérieures à 4.5.2.1566 Build 2021020
    Qnap N/A Q'center versions antérieures à 1.11.1004
    Qnap QuTS hero QuTS hero versions h4.5.2.x antérieures à h4.5.2.1638 build 20210414
    Qnap QuTS hero QuTS hero versions h4.5.3.x antérieures à h4.5.3.1670 build 20210515
    Qnap N/A QuTScloud versions antérieures à c4.5.5.1656 build 20210503
    Qnap QTS QTS versions antérieures à 4.5.1.1540 build 20210107
    Qnap QuLog Center QuLog Center versions antérieures à 1.2.0

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "QTS versions 4.5.3.x ant\u00e9rieures \u00e0 4.5.3.1652 build 20210428",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions ant\u00e9rieures \u00e0 h4.5.1.1582 build 20210217",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions 4.5.2.x ant\u00e9rieures \u00e0 4.5.2.1566 Build 2021020",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "Q\u0027center versions ant\u00e9rieures \u00e0 1.11.1004",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h4.5.2.x ant\u00e9rieures \u00e0 h4.5.2.1638 build 20210414",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTS hero versions h4.5.3.x ant\u00e9rieures \u00e0 h4.5.3.1670 build 20210515",
          "product": {
            "name": "QuTS hero",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuTScloud versions ant\u00e9rieures \u00e0 c4.5.5.1656 build 20210503",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QTS versions ant\u00e9rieures \u00e0 4.5.1.1540 build 20210107",
          "product": {
            "name": "QTS",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        },
        {
          "description": "QuLog Center versions ant\u00e9rieures \u00e0 1.2.0",
          "product": {
            "name": "QuLog Center",
            "vendor": {
              "name": "Qnap",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2020-36194",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36194"
        },
        {
          "name": "CVE-2021-28802",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28802"
        },
        {
          "name": "CVE-2020-36196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36196"
        },
        {
          "name": "CVE-2020-25685",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25685"
        },
        {
          "name": "CVE-2020-25684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25684"
        },
        {
          "name": "CVE-2020-25686",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25686"
        },
        {
          "name": "CVE-2021-28804",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28804"
        },
        {
          "name": "CVE-2021-28803",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28803"
        }
      ],
      "initial_release_date": "2021-07-01T00:00:00",
      "last_revision_date": "2021-07-01T00:00:00",
      "links": [],
      "reference": "CERTFR-2021-AVI-497",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2021-07-01T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits QNAP.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits QNAP",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-30 du 01 juillet 2021",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-30"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-31 du 01 juillet 2021",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-31"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-29 du 01 juillet 2021",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-29"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-09 du 01 juillet 2021",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-09"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 QNAP QSA-21-32 du 01 juillet 2021",
          "url": "https://www.qnap.com/fr-fr/security-advisory/qsa-21-32"
        }
      ]
    }