|
247251
|
8.1 |
HIGH
Network
|
gnu
|
gcc
|
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeti…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2018-12886
|
2024-11-21 12:46 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247252
|
7.2 |
HIGH
Network
|
fortinet
|
fortisiem
|
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.
|
CWE-200
Information Exposure
|
CVE-2018-13378
|
2024-11-21 12:46 |
2019-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247253
|
4.8 |
MEDIUM
Network
|
pixelite
|
events_manager
|
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-13137
|
2024-11-21 12:46 |
2019-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247254
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortios
|
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets…
|
CWE-200
Information Exposure
|
CVE-2018-13366
|
2024-11-21 12:46 |
2019-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247255
|
6.5 |
MEDIUM
Network
|
synology
|
calendar
|
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
|
CWE-22
Path Traversal
|
CVE-2018-13299
|
2024-11-21 12:46 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247256
|
8.1 |
HIGH
Network
|
synology
|
moments
|
Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2018-13298
|
2024-11-21 12:46 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247257
|
5.3 |
MEDIUM
Network
|
synology
|
drive_server
|
Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.
|
CWE-200
Information Exposure
|
CVE-2018-13297
|
2024-11-21 12:46 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247258
|
7.5 |
HIGH
Network
|
synology
|
mailplus_server
|
Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated re…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-13296
|
2024-11-21 12:46 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247259
|
6.5 |
MEDIUM
Network
|
synology
|
application_service
|
Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the…
|
CWE-200
Information Exposure
|
CVE-2018-13295
|
2024-11-21 12:46 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247260
|
6.5 |
MEDIUM
Network
|
synology
|
application_service
|
Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid para…
|
CWE-200
Information Exposure
|
CVE-2018-13294
|
2024-11-21 12:46 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
