Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2018-12316

    OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12315

    Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12314

    Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-12313

    OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-12312

    OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12311

    Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12310

    Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12309

    Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-12308

    Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-12307

    OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12306

    Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12305

    Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.... Read more

    Affected Products : data_master
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12304

    Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.... Read more

    Affected Products : nas_os
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12303

    Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.... Read more

    Affected Products : nas_os
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12302

    Missing HTTPOnly flag on session cookies in the Seagate NAS OS version 4.3.15.1 web application allows attackers to steal session tokens via cross-site scripting.... Read more

    Affected Products : nas_os
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12301

    Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost.... Read more

    Affected Products : nas_os
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12300

    Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.... Read more

    Affected Products : nas_os
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12299

    Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names.... Read more

    Affected Products : nas_os
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12298

    Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path.... Read more

    Affected Products : nas_os
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-12297

    Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names.... Read more

    Affected Products : nas_os
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294349 Results