|
252921
|
5.5 |
MEDIUM
Local
|
intel
|
integrated_performance_primitives
|
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
|
CWE-200
Information Exposure
|
CVE-2018-12155
|
2024-11-21 12:44 |
2018-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252922
|
7.5 |
HIGH
Network
|
asustor
|
data_master
|
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12319
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252923
|
8.8 |
HIGH
Network
|
asustor
|
data_master
|
Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.
|
CWE-200
Information Exposure
|
CVE-2018-12318
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252924
|
8.8 |
HIGH
Network
|
asustor
|
data_master
|
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.
|
CWE-78
OS Command
|
CVE-2018-12317
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252925
|
8.8 |
HIGH
Network
|
asustor
|
data_master
|
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
|
CWE-78
OS Command
|
CVE-2018-12316
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252926
|
6.5 |
MEDIUM
Network
|
asustor
|
data_master
|
Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2018-12315
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252927
|
7.5 |
HIGH
Network
|
asustor
|
data_master
|
Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.
|
CWE-22
Path Traversal
|
CVE-2018-12314
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252928
|
9.8 |
CRITICAL
Network
|
asustor
|
data_master
|
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
|
CWE-78
OS Command
|
CVE-2018-12313
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252929
|
8.8 |
HIGH
Network
|
asustor
|
data_master
|
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
|
CWE-78
OS Command
|
CVE-2018-12312
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252930
|
5.4 |
MEDIUM
Network
|
asustor
|
data_master
|
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12311
|
2024-11-21 12:44 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|