| 247391 | 4.3 | MEDIUM Adjacent | samsung | galaxy_s6_firmware | A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an atta… | CWE-476: NULL Pointer Dereference | CVE-2018-14853 | 2024-11-21 12:49 | 2018-12-18 |
| 247392 | 6.3 | MEDIUM Adjacent | samsung | galaxy_s6_firmware | Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has ob… | CWE-119: Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-14852 | 2024-11-21 12:49 | 2018-12-18 |
| 247393 | 4.3 | MEDIUM Network | theforeman | katello | A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal … | - | CVE-2018-14623 | 2024-11-21 12:49 | 2018-12-14 |
| 247394 | 9.8 | CRITICAL Network | drobo | 5n2_firmware | Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation. | CWE-287: Improper Authentication | CVE-2018-14709 | 2024-11-21 12:49 | 2018-12-4 |
| 247395 | 9.8 | CRITICAL Network | drobo | 5n2_firmware | An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic. | CWE-287: Improper Authentication | CVE-2018-14708 | 2024-11-21 12:49 | 2018-12-4 |
| 247396 | 7.5 | HIGH Network | drobo | 5n2_firmware | Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. | CWE-22: Path Traversal | CVE-2018-14707 | 2024-11-21 12:49 | 2018-12-4 |
| 247397 | 9.8 | CRITICAL Network | drobo | 5n2_firmware | System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST r… | CWE-78: OS Command | CVE-2018-14706 | 2024-11-21 12:49 | 2018-12-4 |
| 247398 | 6.1 | MEDIUM Network | drobo | 5n2_firmware | Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path. | CWE-79: Cross-site Scripting | CVE-2018-14704 | 2024-11-21 12:49 | 2018-12-4 |
| 247399 | 9.8 | CRITICAL Network | drobo | 5n2_firmware | Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password. | CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2018-14703 | 2024-11-21 12:49 | 2018-12-4 |
| 247400 | 7.5 | HIGH Network | drobo | 5n2_firmware | Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. | CWE-200: Information Exposure | CVE-2018-14702 | 2024-11-21 12:49 | 2018-12-4 |