Vulnerabilities > Qnap > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-13 CVE-2020-36197 Unspecified vulnerability in Qnap Music Station
An improper access control vulnerability has been reported to affect earlier versions of Music Station.
low complexity
qnap
8.8
2021-01-11 CVE-2020-2508 Command Injection vulnerability in Qnap QTS
A command injection vulnerability has been reported to affect QTS and QuTS hero.
network
low complexity
qnap CWE-77
7.2
2020-12-31 CVE-2018-19944 Cleartext Transmission of Sensitive Information vulnerability in Qnap QTS
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices.
network
low complexity
qnap CWE-319
7.5
2020-12-31 CVE-2018-19941 Cleartext Storage of Sensitive Information vulnerability in Qnap QTS
A vulnerability has been reported to affect QNAP NAS.
network
low complexity
qnap CWE-312
7.5
2020-12-29 CVE-2020-25847 Command Injection vulnerability in Qnap QTS and Quts Hero
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
network
low complexity
qnap CWE-77
8.8
2020-12-24 CVE-2020-2504 Path Traversal vulnerability in Qnap QES
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station.
network
low complexity
qnap CWE-22
7.5
2020-12-24 CVE-2020-2499 Use of Hard-coded Credentials vulnerability in Qnap QES
A hard-coded password vulnerability has been reported to affect earlier versions of QES.
network
low complexity
qnap CWE-798
7.2
2020-11-16 CVE-2020-2492 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
7.2
2020-11-16 CVE-2020-2490 Command Injection vulnerability in Qnap QTS
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.
network
low complexity
qnap CWE-77
7.2
2020-11-02 CVE-2018-19952 SQL Injection vulnerability in Qnap Music Station
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information.
network
low complexity
qnap CWE-89
7.5