|
247221
|
7.5 |
HIGH
Network
|
drobo
|
5n2_firmware
|
Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information.
|
CWE-200
Information Exposure
|
CVE-2018-14696
|
2024-11-21 12:49 |
2018-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247222
|
7.5 |
HIGH
Network
|
drobo
|
5n2_firmware
|
Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL paramet…
|
CWE-200
Information Exposure
|
CVE-2018-14695
|
2024-11-21 12:49 |
2018-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247223
|
8.1 |
HIGH
Network
|
redhat
|
keycloak
|
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.
|
CWE-287
Improper Authentication
|
CVE-2018-14637
|
2024-11-21 12:49 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247224
|
7.5 |
HIGH
Network
|
powerdns
|
recursor
authoritative
|
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of ser…
|
NVD-CWE-noinfo
|
CVE-2018-14626
|
2024-11-21 12:49 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247225
|
9.8 |
CRITICAL
Network
|
qnap
|
qts
|
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14749
|
2024-11-21 12:49 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247226
|
7.5 |
HIGH
Network
|
qnap
|
qts
|
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to pow…
|
CWE-863
Incorrect Authorization
|
CVE-2018-14748
|
2024-11-21 12:49 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247227
|
7.5 |
HIGH
Network
|
qnap
|
qts
|
NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to c…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-14747
|
2024-11-21 12:49 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247228
|
9.8 |
CRITICAL
Network
|
qnap
|
qts
|
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbi…
|
CWE-77
Command Injection
|
CVE-2018-14746
|
2024-11-21 12:49 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247229
|
6.5 |
MEDIUM
Network
|
samba
canonical
debian
|
samba
ubuntu_linux
debian_linux
|
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local at…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-14629
|
2024-11-21 12:49 |
2018-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247230
|
5.9 |
MEDIUM
Network
|
powerdns
|
dnsdist
|
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record wh…
|
CWE-20
Improper Input Validation
|
CVE-2018-14663
|
2024-11-21 12:49 |
2018-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
