|
248931
|
7.8 |
HIGH
Local
|
fortinet
|
forticlient
|
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attacker to execute unauthorized code or commands via the command injection.
|
NVD-CWE-noinfo
|
CVE-2018-13368
|
2024-11-21 12:46 |
2019-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248932
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortios
|
An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page.
|
CWE-200
Information Exposure
|
CVE-2018-13365
|
2024-11-21 12:46 |
2019-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248933
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortiproxy
fortios
|
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-13383
|
2024-11-21 12:46 |
2019-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248934
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortianalyzer
fortimanager
|
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts …
|
CWE-79
Cross-site Scripting
|
CVE-2018-13375
|
2024-11-21 12:46 |
2019-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248935
|
8.1 |
HIGH
Network
|
gnu
|
gcc
|
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeti…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2018-12886
|
2024-11-21 12:46 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248936
|
7.2 |
HIGH
Network
|
fortinet
|
fortisiem
|
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.
|
CWE-200
Information Exposure
|
CVE-2018-13378
|
2024-11-21 12:46 |
2019-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248937
|
4.8 |
MEDIUM
Network
|
pixelite
|
events_manager
|
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-13137
|
2024-11-21 12:46 |
2019-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248938
|
5.3 |
MEDIUM
Network
|
fortinet
|
fortios
|
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets…
|
CWE-200
Information Exposure
|
CVE-2018-13366
|
2024-11-21 12:46 |
2019-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248939
|
6.5 |
MEDIUM
Network
|
synology
|
calendar
|
Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.
|
CWE-22
Path Traversal
|
CVE-2018-13299
|
2024-11-21 12:46 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248940
|
8.1 |
HIGH
Network
|
synology
|
moments
|
Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2018-13298
|
2024-11-21 12:46 |
2019-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
