QNAP Product Security Update Advisory (CVE-2024-21899, CVE-2024-21900, CVE-2024-21901)

Mar 11 2024

Overview

An update has been made available to fix vulnerabilities in QNAP products. users of affected versions are advised to update to the latest version.

Affected Products

Cve-2024-21899, cve-2024-21900, cve-2024-21901

QTS 5.1.x
QTS 4.5.x
QuTS Hero h5.1.x Version
QuTS Hero h4.5.x version
QuTScloud c5.x version
myQNAPcloud 1.0.x version

Resolved Vulnerabilities

System security compromise vulnerability when an improper authentication vulnerability is exploited (CVE-2024-21899)

Command execution vulnerability via an injection vulnerability (CVE-2024-21900)

Malware injection vulnerability due to SQL injection vulnerability exploitation (CVE-2024-21901)

Vulnerability Patches

Vulnerability Patches were made available in the March 9, 2024 update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

Cve-2024-21899, cve-2024-21900, cve-2024-21901

QTS 5.1.3.2578 build 20231110 or later
QTS 4.5.4.2627 build 20231225 or later
QuTS Hero h5.1.3.2578 build 20231110 or later
QuTS Hero h4.5.4.2626 build 20231225 or later
QuTScloud c5.1.5.2651 or later
myQNAPcloud 1.0.52 (11/24/2023) or later

Referenced Sites

[1] Multiple Vulnerabilities in QTS, QuTS hero, QuTScloud, and myQNAPcloud
https://www.qnap.com/en/security-advisory/qsa-24-09

QNAP Product Security Update Advisory (CVE-2024-21899, CVE-2024-21900, CVE-2024-21901)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

GitLab CE/EE Product Security Update Advisory (CVE-2024-0199, CVE-2024-1299)

Security update advisory for python pillow package (CVE-2023-50447, CVE-2022-22817)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

GitLab CE/EE Product Security Update Advisory (CVE-2024-0199, CVE-2024-1299)

Security update advisory for python pillow package (CVE-2023-50447, CVE-2022-22817)