Total
315268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13367 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | |||||
| CVE-2018-13366 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. | |||||
| CVE-2018-13365 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | |||||
| CVE-2018-13361 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. | |||||
| CVE-2018-13360 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. | |||||
| CVE-2018-13359 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter. | |||||
| CVE-2018-13358 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. | |||||
| CVE-2018-13357 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. | |||||
| CVE-2018-13356 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions. | |||||
| CVE-2018-13355 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization. | |||||
| CVE-2018-13354 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | |||||
| CVE-2018-13353 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | |||||
| CVE-2018-13352 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. | |||||
| CVE-2018-13351 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | |||||
| CVE-2018-13350 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. | |||||
| CVE-2018-13349 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. | |||||
| CVE-2018-13348 | 1 Mercurial | 1 Mercurial | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. | |||||
| CVE-2018-13347 | 1 Mercurial | 1 Mercurial | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | |||||
| CVE-2018-13346 | 1 Mercurial | 1 Mercurial | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | |||||
| CVE-2018-13342 | 1 Linhandante | 1 Anda | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The server API in the Anda app relies on hardcoded credentials. | |||||