Vulnerabilities (CVE)

Total 315294 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13380 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 4.3 MEDIUM 4.7 MEDIUM
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
CVE-2018-13378 1 Fortinet 1 Fortisiem 2024-11-21 4.0 MEDIUM 7.2 HIGH
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.
CVE-2018-13376 1 Fortinet 1 Fortios 2024-11-21 5.0 MEDIUM 7.5 HIGH
An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 to 5.6.3, 5.4.6 to 5.4.7, 5.2 all versions under web proxy's disclaimer response web pages, potentially causing sensitive data to be displayed in the HTTP response.
CVE-2018-13375 1 Fortinet 2 Fortianalyzer, Fortimanager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).
CVE-2018-13371 1 Fortinet 1 Fortios 2024-11-21 6.5 MEDIUM 8.8 HIGH
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.
CVE-2018-13368 1 Fortinet 1 Forticlient 2024-11-21 4.6 MEDIUM 7.8 HIGH
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.
CVE-2018-13367 1 Fortinet 1 Fortios 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI.
CVE-2018-13366 1 Fortinet 1 Fortios 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol.
CVE-2018-13365 1 Fortinet 1 Fortios 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page.
CVE-2018-13361 1 Terra-master 1 Terramaster Operating System 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.
CVE-2018-13360 1 Terra-master 1 Terramaster Operating System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
CVE-2018-13359 1 Terra-master 1 Terramaster Operating System 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
CVE-2018-13358 1 Terra-master 1 Terramaster Operating System 2024-11-21 9.0 HIGH 8.8 HIGH
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
CVE-2018-13357 1 Terra-master 1 Terramaster Operating System 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
CVE-2018-13356 1 Terra-master 1 Terramaster Operating System 2024-11-21 9.0 HIGH 8.8 HIGH
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
CVE-2018-13355 1 Terra-master 1 Terramaster Operating System 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.
CVE-2018-13354 1 Terra-master 1 Terramaster Operating System 2024-11-21 10.0 HIGH 9.8 CRITICAL
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
CVE-2018-13353 1 Terra-master 1 Terramaster Operating System 2024-11-21 9.0 HIGH 8.8 HIGH
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
CVE-2018-13352 1 Terra-master 1 Terramaster Operating System 2024-11-21 5.0 MEDIUM 7.5 HIGH
Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory.
CVE-2018-13351 1 Terra-master 1 Terramaster Operating System 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.