|
209371
|
7.2 |
HIGH
Network
|
qnap
|
qts
quts_hero
|
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP hav…
|
CWE-77
Command Injection
|
CVE-2020-2508
|
2024-11-21 14:25 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209372
|
2.3 |
LOW
Local
|
qnap
|
qes
|
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-2505
|
2024-11-21 14:25 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209373
|
7.5 |
HIGH
Network
|
qnap
|
qes
|
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
|
CWE-22
Path Traversal
|
CVE-2020-2504
|
2024-11-21 14:25 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209374
|
5.4 |
MEDIUM
Network
|
qnap
|
qes
|
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2503
|
2024-11-21 14:25 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209375
|
7.2 |
HIGH
Network
|
qnap
|
qes
|
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-2499
|
2024-11-21 14:25 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209376
|
6.1 |
MEDIUM
Network
|
qnap
|
quts_hero
qts
|
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the followin…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2498
|
2024-11-21 14:25 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209377
|
6.1 |
MEDIUM
Network
|
qnap
|
music_station
|
This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in the following versions of Music Station. QuTS …
|
CWE-79
Cross-site Scripting
|
CVE-2020-2494
|
2024-11-21 14:25 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209378
|
6.1 |
MEDIUM
Network
|
qnap
|
multimedia_console
|
This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2493
|
2024-11-21 14:25 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209379
|
6.1 |
MEDIUM
Network
|
qnap
|
photo_station
|
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. QT…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2491
|
2024-11-21 14:25 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209380
|
6.1 |
MEDIUM
Network
|
qnap
|
quts_hero
qts
|
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following v…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2497
|
2024-11-21 14:25 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
