Vulnerabilities > Qnap

DATE CVE VULNERABILITY TITLE RISK
2021-01-11 CVE-2020-2508 Command Injection vulnerability in Qnap QTS
A command injection vulnerability has been reported to affect QTS and QuTS hero.
network
low complexity
qnap CWE-77
6.5
2020-12-31 CVE-2018-19945 Path Traversal vulnerability in Qnap QTS
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6.
network
low complexity
qnap CWE-22
8.5
2020-12-31 CVE-2018-19944 Cleartext Transmission of Sensitive Information vulnerability in Qnap QTS
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices.
network
low complexity
qnap CWE-319
5.0
2020-12-31 CVE-2018-19941 Cleartext Storage of Sensitive Information vulnerability in Qnap QTS
A vulnerability has been reported to affect QNAP NAS.
network
low complexity
qnap CWE-312
5.0
2020-12-29 CVE-2020-25847 Command Injection vulnerability in Qnap QTS
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
network
low complexity
qnap CWE-77
6.5
2020-12-24 CVE-2020-2505 Information Exposure Through AN Error Message vulnerability in Qnap QES 2.1.1
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages.
local
low complexity
qnap CWE-209
2.1
2020-12-24 CVE-2020-2504 Path Traversal vulnerability in Qnap QES 2.1.1
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station.
network
low complexity
qnap CWE-22
5.0
2020-12-24 CVE-2020-2503 Cross-Site Scripting vulnerability in Qnap QES 2.1.1
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.
network
qnap CWE-79
3.5
2020-12-24 CVE-2020-2499 USE of Hard-Coded Credentials vulnerability in Qnap QES 2.1.1
A hard-coded password vulnerability has been reported to affect earlier versions of QES.
network
low complexity
qnap CWE-798
4.0
2020-12-10 CVE-2020-2498 Cross-Site Scripting vulnerability in Qnap QTS and Quts Hero
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration.
network
qnap CWE-79
4.3