CVSS: 2.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-2505 – Sensitive information via generation of error messages vulnerability in QES
https://notcve.org/view.php?id=CVE-2020-2505
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. Si se explota, esta vulnerabilidad podría permitir a atacantes obtener información confidencial por medio de la generación de mensajes de error. QNAP ya ha corregido estos problemas en QES versiones 2.1.1 Build 20201006 y posteriores • https://www.qnap.com/zh-tw/security-advisory/qsa-20-17 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-2504 – Absolute path traversal vulnerability in QES
https://notcve.org/view.php?id=CVE-2020-2504
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. Si se explota, esta vulnerabilidad de salto de ruta absoluta podría permitir a atacantes saltar archivos en File Station. QNAP ya ha corregido estos problemas en QES versiones 2.1.1 Build 20201006 y posteriores • https://www.qnap.com/zh-tw/security-advisory/qsa-20-17 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2020-2503 – Stored cross-site scripting vulnerability in QES
https://notcve.org/view.php?id=CVE-2020-2503
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. Si se explota, esta vulnerabilidad de tipo cross-site scripting almacenado podría permitir a atacantes remotos inyectar código malicioso en File Station. QNAP ya ha corregido estos problemas en QES versiones 2.1.1 Build 20201006 y posteriores • https://www.qnap.com/zh-tw/security-advisory/qsa-20-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2020-2499 – Hard-coded Password Vulnerability in QES
https://notcve.org/view.php?id=CVE-2020-2499
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later. Se ha reportado de una vulnerabilidad de contraseña embebida que afecta a versiones anteriores de QES. Si es explotada, esta vulnerabilidad podría permitir a atacantes iniciar sesión con una contraseña embebida. • https://www.qnap.com/zh-tw/security-advisory/qsa-20-19 • CWE-259: Use of Hard-coded Password CWE-522: Insufficiently Protected Credentials CWE-798: Use of Hard-coded Credentials •