CVE-2021-38679 – Improper Authentication in Kazoo Server
https://notcve.org/view.php?id=CVE-2021-38679
An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.22 and later.
• https://www.qnap.com/en/security-advisory/qsa-22-01
• CWE-287: Improper Authentication
CVE-2021-38680 – Reflected XSS in Kazoo Server
https://notcve.org/view.php?id=CVE-2021-38680
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.20 and later.
• https://www.qnap.com/en/security-advisory/qsa-21-54
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')