| 246971 | 7.5 | HIGH / Network | seagate | nas_os | Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost. | CWE-200 Information Exposure | CVE-2018-12301 | 2024-11-21 12:44 | 2019-05-13 |
| 246972 | 6.1 | MEDIUM / Network | seagate | nas_os | Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter. | CWE-601 Open Redirect | CVE-2018-12300 | 2024-11-21 12:44 | 2019-05-13 |
| 246973 | 5.4 | MEDIUM / Network | seagate | nas_os | Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names. | CWE-79 Cross-site Scripting | CVE-2018-12299 | 2024-11-21 12:44 | 2019-05-13 |
| 246974 | 7.5 | HIGH / Network | seagate | nas_os | Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path. | CWE-22 Path Traversal | CVE-2018-12298 | 2024-11-21 12:44 | 2019-05-13 |
| 246975 | 6.1 | MEDIUM / Network | seagate | nas_os | Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names. | CWE-79 Cross-site Scripting | CVE-2018-12297 | 2024-11-21 12:44 | 2019-05-13 |
| 246976 | 7.5 | HIGH / Network | seagate | nas_os | Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST … | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-12296 | 2024-11-21 12:44 | 2019-05-13 |
| 246977 | 9.8 | CRITICAL / Network | seagate | nas_os | SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter. | CWE-89 SQL Injection | CVE-2018-12295 | 2024-11-21 12:44 | 2019-05-13 |
| 246978 | 6.3 | MEDIUM / Network | symantec | endpoint_protection | SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby … | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2018-12244 | 2024-11-21 12:44 | 2019-04-26 |
| 246979 | 5.5 | MEDIUM / Local | qualcomm | mdm9206_firmware mdm9607_firmware mdm9650_firmware mdm9655_firmware qcs605_firmware sd_410_firmware sd_412_firmware sd_615_firmware sd_616_firmware sd_415_firmware sd_63… | Interrupt exit code flow may undermine access control policy set forth by secure world can lead to potential secure asset leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electroni… | CWE-200 Information Exposure | CVE-2018-11971 | 2024-11-21 12:44 | 2019-04-5 |
| 246980 | 7.8 | HIGH / Local | qualcomm | mdm9206_firmware mdm9607_firmware mdm9650_firmware mdm9655_firmware qcs605_firmware sd_410_firmware sd_412_firmware sd_636_firmware sd_712_firmware sd_710_firmware sd_67… | TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap… | NVD-CWE-noinfo | CVE-2018-11970 | 2024-11-21 12:44 | 2019-04-5 |