Qnap QES Generation of Error Message Containing Sensitive Information (CVE-2020-2505)

If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...

CVE-2020-2503

If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later...

CVE-2020-2503

If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later...

CVE-2020-2504

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later...

Path traversal

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later...

QNAP QES Security Vulnerabilities

QNAP QES is a desktop operating system from China's QNAP Inc. that is primarily used for managing files. A security vulnerability exists in versions prior to QES 2.1.1 Build 20201006, which can be exploited by an attacker to obtain sensitive information by generating an error message...