- Lid sinds
- 8 feb 2001
- Berichten
- 34.838
- Waarderingsscore
- 1.028
- Punten
- 113
- Leeftijd
- 60
- Locatie
- State Penitentiary
Taipei, Taiwan, September 22, 2023 - QNAP® had published security enhancement against security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities.
This advisory includes the following:
Release date: September 22, 2023
CVE identifier: CVE-2006-20001; CVE-2022-36760; CVE-2022-37436
Affected products: QTS 5.1.0, QuTS hero h5.1.0, QuTScloud c5.0.1
Summary
Multiple vulnerabilities in Apache HTTP Server have been reported to affect certain QNAP operating systems.
We have already fixed the vulnerabilities in the following versions:
Release date: September 22, 2023
CVE identifier: CVE-2023-23363
Affected products: QTS 4.3.6, 4.3.4, 4.3.3, 4.2.6
Summary
A buffer copy without checking size of input vulnerability has been reported to affect certain legacy versions of QTS. If exploited, the vulnerability could allow clients to execute code via unspecified vectors.
We have already fixed the vulnerability in the following versions:
<<Learn more>>
Release date: September 22, 2023
CVE identifier: CVE-2023-23364
Affected products: Multimedia Console 2.1, 1.4
Summary
A buffer copy without checking size of input vulnerability has been reported to affect certain versions of Multimedia Console. If exploited, the vulnerability could allow clients to execute code via unspecified vectors.
We have already fixed the vulnerability in the following versions:
This advisory includes the following:
- Vulnerabilities in Apache HTTP Server (ID: QSA-23-12)
- Vulnerability in Legacy QTS (ID: QSA-23-25)
- Vulnerability in Multimedia Console (ID: QSA-23-29)
Vulnerabilities in Apache HTTP Server
Security ID: QSA-23-12Release date: September 22, 2023
CVE identifier: CVE-2006-20001; CVE-2022-36760; CVE-2022-37436
Affected products: QTS 5.1.0, QuTS hero h5.1.0, QuTScloud c5.0.1
Summary
Multiple vulnerabilities in Apache HTTP Server have been reported to affect certain QNAP operating systems.
We have already fixed the vulnerabilities in the following versions:
- QTS 5.1.0.2348 build 20230325 and later
- QuTS hero h5.1.0.2392 build 20230508 and later
- QuTScloud c5.0.1.2374 and later
Vulnerability in Legacy QTS
Security ID: QSA-23-25Release date: September 22, 2023
CVE identifier: CVE-2023-23363
Affected products: QTS 4.3.6, 4.3.4, 4.3.3, 4.2.6
Summary
A buffer copy without checking size of input vulnerability has been reported to affect certain legacy versions of QTS. If exploited, the vulnerability could allow clients to execute code via unspecified vectors.
We have already fixed the vulnerability in the following versions:
- QTS 4.3.6.2441 build 20230621 and later
- QTS 4.3.4.2451 build 20230621 and later
- QTS 4.3.3.2420 build 20230621 and later
- QTS 4.2.6 build 20230621 and later
<<Learn more>>
Vulnerability in Multimedia Console
Security ID: QSA-23-29Release date: September 22, 2023
CVE identifier: CVE-2023-23364
Affected products: Multimedia Console 2.1, 1.4
Summary
A buffer copy without checking size of input vulnerability has been reported to affect certain versions of Multimedia Console. If exploited, the vulnerability could allow clients to execute code via unspecified vectors.
We have already fixed the vulnerability in the following versions:
- Multimedia Console 2.1.1 (2023/03/29) and later
- Multimedia Console 1.4.7 (2023/03/20) and later
