Total
315297 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13353 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | |||||
| CVE-2018-13352 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. | |||||
| CVE-2018-13351 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | |||||
| CVE-2018-13350 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. | |||||
| CVE-2018-13349 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. | |||||
| CVE-2018-13348 | 1 Mercurial | 1 Mercurial | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. | |||||
| CVE-2018-13347 | 1 Mercurial | 1 Mercurial | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | |||||
| CVE-2018-13346 | 1 Mercurial | 1 Mercurial | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | |||||
| CVE-2018-13342 | 1 Linhandante | 1 Anda | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The server API in the Anda app relies on hardcoded credentials. | |||||
| CVE-2018-13341 | 1 Crestron | 15 Mc3, Mc3 Firmware, Tsw-1060-b-s and 12 more | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges. | |||||
| CVE-2018-13340 | 1 Gleeztech | 1 Gleez Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. | |||||
| CVE-2018-13339 | 1 Angular Redactor Project | 1 Angular Redactor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. | |||||
| CVE-2018-13338 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | |||||
| CVE-2018-13337 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript. | |||||
| CVE-2018-13336 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | |||||
| CVE-2018-13335 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | |||||
| CVE-2018-13334 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | |||||
| CVE-2018-13333 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | |||||
| CVE-2018-13332 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter. | |||||
| CVE-2018-13331 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | |||||