|
200971
|
9.8 |
CRITICAL
Network
|
qnap
|
helpdesk
|
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: …
|
CWE-78
OS Command
|
CVE-2020-2507
|
2024-11-21 14:25 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200972
|
9.8 |
CRITICAL
Network
|
qnap
|
helpdesk
|
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by ga…
|
NVD-CWE-Other
|
CVE-2020-2506
|
2024-11-21 14:25 |
2021-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200973
|
7.2 |
HIGH
Network
|
qnap
|
qts
quts_hero
|
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP hav…
|
CWE-77
Command Injection
|
CVE-2020-2508
|
2024-11-21 14:25 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200974
|
2.3 |
LOW
Local
|
qnap
|
qes
|
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-2505
|
2024-11-21 14:25 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200975
|
7.5 |
HIGH
Network
|
qnap
|
qes
|
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
|
CWE-22
Path Traversal
|
CVE-2020-2504
|
2024-11-21 14:25 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200976
|
5.4 |
MEDIUM
Network
|
qnap
|
qes
|
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2503
|
2024-11-21 14:25 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200977
|
7.2 |
HIGH
Network
|
qnap
|
qes
|
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-2499
|
2024-11-21 14:25 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200978
|
6.1 |
MEDIUM
Network
|
qnap
|
quts_hero
qts
|
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the followin…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2498
|
2024-11-21 14:25 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200979
|
6.1 |
MEDIUM
Network
|
qnap
|
music_station
|
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS …
|
CWE-79
Cross-site Scripting
|
CVE-2020-2494
|
2024-11-21 14:25 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200980
|
6.1 |
MEDIUM
Network
|
qnap
|
multimedia_console
|
This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2493
|
2024-11-21 14:25 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
