Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-44056: Multiple Vulnerabilities in Video Station - Security Advisory

An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later

CVE
#vulnerability#auth

<< Back to Security Advisory List

  • Release date: May 6, 2022
  • Security ID: QSA-22-14
  • Severity: Medium
  • CVE identifier: CVE-2021-44055 | CVE-2021-44056
  • Affected products: Certain QNAP NAS running Video Station
  • Status: Resolved

Summary

Multiple vulnerabilities have been reported to affect QNAP NAS running certain versions of Video Station. If exploited, this vulnerability allows remote attackers to access sensitive data, perform unauthorized actions, and compromise the security of the system.

We have already fixed the vulnerabilities in the following versions:

  • Video Station 5.5.9 and later
  • Video Station 5.3.13 and later
  • Video Station 5.1.8 and later

Recommendation

To fix the vulnerabilities, we recommend updating Video Station to the latest version.

Updating Video Station

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Enter “Video Station”.
    Video Station appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your Video Station is already up to date.
  5. Click OK.
    The application is updated.

Acknowledgements: Thomas Fady

Revision History: V1.0 (May 6, 2022) - Published

Related news

CVE-2021-27759: Security Bulletin: Cross-site Request Forgery vulnerabilities affect HCL BigFix Inventory v9 and v10 (CVE-2021-27758, CVE-2021-27759)

This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application.

CVE-2021-27767: Security Bulletin: HCL BigFix Platform is affected by multiple vulnerabilities around Web Transport Security (TLS), security-related HTTP headers, Privilege Escalation, OpenSSL and zlib

The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.

CVE-2021-27760: Security Bulletin: HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart (CVE-2021-27760)

An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code.

CVE-2021-44054: Multiple Vulnerabilities in QTS, QuTS hero, and QuTScloud - Security Advisory

An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later

CVE-2021-44057: Vulnerability in Photo Station - Security Advisory

An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later

CVE-2021-38693: Path Traversal Vulnerability in thttpd - Security Advisory

A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907