Approved changes feed: RSS · Atom
cpe:2.3:a:qnap_systems_inc.:qes:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Qnap Systems Inc. (1f66ac1e-0889-51bf-b27f-24c7175e5920) |
|---|---|
| Product | Qes (e944c353-a034-5d42-82cb-1d4bfc8a9b43) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-34974 |
not_vulnerable | 2026-06-03 14:52:17.472779 |
QTS, QuTS hero, QuTScloud, QVR, QES
HIGH (8.8)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
QuTScloud, QVR, QES are not affected.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2626 build 20231225 and later
Published: 2024-09-06T16:27:27.244Z
Updated: 2024-09-06T17:41:58.365Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23355 |
not_vulnerable | 2026-06-03 14:49:21.282661 |
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR
MEDIUM (6.6)
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2346 build 20230322 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2348 build 20230324 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
Published: 2023-03-29T04:02:59.944Z
Updated: 2025-02-12T16:49:09.437Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2505 |
vulnerable | 2026-06-03 14:42:30.465129 |
Sensitive information via generation of error messages vulnerability in QES
LOW (2.3)
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
Published: 2020-12-24T01:39:48.218Z
Updated: 2024-09-16T21:07:28.461Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2504 |
vulnerable | 2026-06-03 14:42:30.464580 |
Absolute path traversal vulnerability in QES
MEDIUM (5.8)
If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
Published: 2020-12-24T01:39:28.422Z
Updated: 2024-09-17T00:25:31.081Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2503 |
vulnerable | 2026-06-03 14:42:30.461698 |
Stored cross-site scripting vulnerability in QES
CRITICAL (9)
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
Published: 2020-12-24T01:39:08.389Z
Updated: 2024-09-17T03:07:20.826Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-2499 |
vulnerable | 2026-06-03 14:42:30.450005 |
Hard-coded Password Vulnerability in QES
MEDIUM (6.3)
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.
Published: 2020-12-24T01:38:14.895Z
Updated: 2024-09-17T03:18:12.926Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.