• Latest
  • Trending
Qnap Security Advisory: Bulletin ID: QSA-21-48, QSA-21-49 and QSA-21-50

Qnap Security Advisory: Bulletin ID: QSA-21-48, QSA-21-49 and QSA-21-50

November 23, 2021
iOS 15.5 arrives ahead of Apple’s annual developer conference

iOS 15.5 arrives ahead of Apple’s annual developer conference

May 17, 2022
Researchers devise iPhone malware that runs even when device is turned off

Researchers devise iPhone malware that runs even when device is turned off

May 17, 2022
AMD Ryzen 7000 “Phoenix” APUs with RDNA3 Graphics to 3D V-Cache

AMD Ryzen 7000 “Phoenix” APUs with RDNA3 Graphics to 3D V-Cache

May 17, 2022
Huawei holds maiden ICT to develop 100,000 ICT Talents through LEAP in Ghana

Huawei holds maiden ICT to develop 100,000 ICT Talents through LEAP in Ghana

May 17, 2022
Nokia Moves HR Functions to Oracle Fusion Cloud HCM

Nokia Moves HR Functions to Oracle Fusion Cloud HCM

May 17, 2022
Ericsson and Turkcell Perform Turkey’s First 5G Connected Mobile Robot Demo

Ericsson and Turkcell Perform Turkey’s First 5G Connected Mobile Robot Demo

May 17, 2022
Relativity and ENSafrica to Help Expand the African Cloud Capabilities

Relativity and ENSafrica to Help Expand the African Cloud Capabilities

May 17, 2022
MTN Nigeria Adopts LigaData’s Time Machine

MTN Nigeria Adopts LigaData’s Time Machine

May 17, 2022
NVIDIA Certifies NetApp EF600 For DGX SuperPOD

NVIDIA Certifies NetApp EF600 For DGX SuperPOD

May 17, 2022
PNY Announced XLR8 DDR5-6000 MAKO RGB Memory Kits

PNY Announced XLR8 DDR5-6000 MAKO RGB Memory Kits

May 17, 2022
V-Color Manta XPrism RGB SCC DDR5-6200 CL36 2x 16 GB

V-Color Manta XPrism RGB SCC DDR5-6200 CL36 2x 16 GB

May 17, 2022
WD Announces WD Black SN850X and P40 Game Drive

WD Announces WD Black SN850X and P40 Game Drive

May 17, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Tuesday, 17 May, 2022
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Qnap Security Advisory: Bulletin ID: QSA-21-48, QSA-21-49 and QSA-21-50

by ITECHNEWS
November 23, 2021
in Data Storage
0 0
0
Qnap Security Advisory: Bulletin ID: QSA-21-48, QSA-21-49 and QSA-21-50

Concerning reflected XSS Vulnerability in Ragic Cloud DB, CSRF vulnerability in QmailAgent, and heap-based buffer overflow vulnerability in QTS and QuTS hero NAS OS

Source: StorageNewsletter.com

Qnap Systems, Inc. had published security enhancement against security vulnerabilities that could affect specific versions of company’s products. 

YOU MAY ALSO LIKE

NVIDIA Certifies NetApp EF600 For DGX SuperPOD

PNY Announced XLR8 DDR5-6000 MAKO RGB Memory Kits

Use following information and solutions to correct security issues and vulnerabilities.

Advisory includes following:

  • Reflected XSS Vulnerability in Ragic Cloud DB (ID: QSA-21-48) 
  • CSRF Vulnerability in QmailAgent (ID: QSA-21-49) 
  • Heap-Based Buffer Overflow Vulnerability in QTS and QuTS hero (ID:QSA-21-50)

Reflected XSS Vulnerability in Ragic Cloud DB
Release date: November 19, 2021 
Security ID: QSA-21-48 
Severity: Medium 
CVE identifier: CVE-2021-38681 
Affected products: Qnap NAS running Ragic Cloud DB

Summary 
A reflected cross-site scripting (XSS) vulnerability has been reported to affect Qnap NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code.

The company have already disabled and removed Ragic Cloud DB from the Qnap App Center, pending a security patch from Ragic.

Informations

CSRF Vulnerability in QmailAgent
Release date: November 19, 2021 
Security ID: QSA-21-49 
Severity: Medium 
CVE identifier: CVE-2021-34358 
Affected products: Qnap NAS running QmailAgent

Summary
A cross-site request forgery (CSRF) vulnerability has been reported to affect Qnap NAS running QmailAgent. If exploited, this vulnerability allows remote attackers to trick a victim into performing unintended actions on the web application while the victim is logged in. 

The company have already fixed this vulnerability in following versions of QmailAgent:

  • QmailAgent 3.0.2 (2021/08/25) and later 

Informations

Heap-Based Buffer Overflow Vulnerability in QTS and QuTS hero NAS OS
Release date: November 19, 2021 
Security ID: QSA-21-50 
Severity: High 
Affected products: Qnap NAS running QTS and QuTS hero

Summary 
A heap-based buffer overflow vulnerability has been reported to affect Qnap NAS devices that have Apple File Protocol (AFP) enabled in QTS or QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code.

The company have already fixed this vulnerability in following versions of QTS and QuTS hero:

  • QTS 5.0.0.1808 build 20211001 and later 
  • QTS 4.5.4.1800 build 20210923 and later 
  • QTS 4.3.6.1831 build 20211019 and later 
  • QTS 4.3.3.1799 build 20211008 and later 
  • QuTS hero h5.0.0.1844 build 20211105 and later 
  • QuTS hero h4.5.4.1813 build 20211006 and later 

Informations

Questions regarding this issue: contact

ShareTweetShare

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

iOS 15.5 arrives ahead of Apple’s annual developer conference

iOS 15.5 arrives ahead of Apple’s annual developer conference

May 17, 2022
Researchers devise iPhone malware that runs even when device is turned off

Researchers devise iPhone malware that runs even when device is turned off

May 17, 2022
AMD Ryzen 7000 “Phoenix” APUs with RDNA3 Graphics to 3D V-Cache

AMD Ryzen 7000 “Phoenix” APUs with RDNA3 Graphics to 3D V-Cache

May 17, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

iOS 15.5 arrives ahead of Apple’s annual developer conference

iOS 15.5 arrives ahead of Apple’s annual developer conference

May 17, 2022
Researchers devise iPhone malware that runs even when device is turned off

Researchers devise iPhone malware that runs even when device is turned off

May 17, 2022

Recent News

  • iOS 15.5 arrives ahead of Apple’s annual developer conference May 17, 2022
  • Researchers devise iPhone malware that runs even when device is turned off May 17, 2022
  • AMD Ryzen 7000 “Phoenix” APUs with RDNA3 Graphics to 3D V-Cache May 17, 2022
  • Huawei holds maiden ICT to develop 100,000 ICT Talents through LEAP in Ghana May 17, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version