Vulnerabilities > Qnap > QES

DATE CVE VULNERABILITY TITLE RISK
2020-12-24 CVE-2020-2505 Information Exposure Through an Error Message vulnerability in Qnap QES
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages.
local
low complexity
qnap CWE-209
2.3
2.3
2020-12-24 CVE-2020-2504 Path Traversal vulnerability in Qnap QES
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station.
network
low complexity
qnap CWE-22
7.5
7.5
2020-12-24 CVE-2020-2503 Cross-site Scripting vulnerability in Qnap QES
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station.
network
low complexity
qnap CWE-79
5.4
5.4
2020-12-24 CVE-2020-2499 Use of Hard-coded Credentials vulnerability in Qnap QES
A hard-coded password vulnerability has been reported to affect earlier versions of QES.
network
low complexity
qnap CWE-798
7.2
7.2