Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13795 | 1 Creolabs | 1 Gravity | 2018-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| Gravity before 0.5.1 does not support a maximum recursion depth. | |||||
| CVE-2018-3687 | 1 Intel | 1 Quartus Ii Programmer And Tools | 2018-09-05 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code. | |||||
| CVE-2018-5876 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2018-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | |||||
| CVE-2018-5875 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2018-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | |||||
| CVE-2018-3684 | 1 Intel | 1 Quartus Ii | 2018-09-05 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code. | |||||
| CVE-2018-3683 | 1 Intel | 1 Quartus Prime | 2018-09-05 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code. | |||||
| CVE-2018-3668 | 1 Intel | 1 Processor Diagnostic Tool | 2018-09-05 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code. | |||||
| CVE-2018-13997 | 1 Codeplea | 1 Genann | 2018-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| Genann through 2018-07-08 has a SEGV in genann_run in genann.c. | |||||
| CVE-2018-12529 | 1 Intex | 2 N150, N150 Firmware | 2018-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. | |||||
| CVE-2018-12528 | 1 Intex | 2 N150, N150 Firmware | 2018-09-05 | 7.5 HIGH | 8.1 HIGH |
| An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it. | |||||
| CVE-2018-11638 | 1 Dialogic | 1 Powermedia Xms | 2018-09-05 | 9.0 HIGH | 7.2 HIGH |
| Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. | |||||
| CVE-2018-5832 | 1 Google | 1 Android | 2018-09-04 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur. | |||||
| CVE-2018-5834 | 1 Google | 1 Android | 2018-09-04 | 4.6 MEDIUM | 7.8 HIGH |
| In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
| CVE-2018-5838 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2018-09-04 | 4.6 MEDIUM | 7.8 HIGH |
| Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. | |||||
| CVE-2013-0589 | 1 Ibm | 1 Inotes | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371. | |||||
| CVE-2018-5891 | 1 Qualcomm | 30 Msm8909w, Msm8909w Firmware, Msm8996au and 27 more | 2018-09-04 | 4.6 MEDIUM | 8.4 HIGH |
| While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear. | |||||
| CVE-2013-2972 | 1 Ibm | 1 Websphere Cast Iron Cloud Integration | 2018-09-04 | 7.8 HIGH | 7.5 HIGH |
| IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868. | |||||
| CVE-2018-13054 | 2 Debian, Linuxmint | 2 Debian Linux, Cinnamon | 2018-09-04 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content. | |||||
| CVE-2018-8025 | 1 Apache | 1 Hbase | 2018-09-04 | 6.8 MEDIUM | 8.1 HIGH |
| CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. | |||||
| CVE-2018-13056 | 1 Zzcms | 1 Zzcms | 2018-09-04 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-12574 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2018-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | |||||
| CVE-2018-5862 | 1 Google | 1 Android | 2018-09-04 | 4.6 MEDIUM | 7.8 HIGH |
| In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur. | |||||
| CVE-2018-12018 | 1 Ethereum | 1 Go Ethereum | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. | |||||
| CVE-2018-1000504 | 1 Redirection | 1 Redirection | 2018-09-04 | 9.0 HIGH | 7.2 HIGH |
| Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be exploitable via Attacker must be have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8. | |||||
| CVE-2017-0929 | 1 Dnnsoftware | 1 Dotnetnuke | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. | |||||
| CVE-2017-0921 | 1 Gitlab | 1 Gitlab | 2018-09-04 | 6.8 MEDIUM | 8.1 HIGH |
| GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. | |||||
| CVE-2017-0919 | 1 Gitlab | 1 Gitlab | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. | |||||
| CVE-2018-13545 | 1 Hashshield Project | 1 Hashshield | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13547 | 1 Pve Project | 1 Pve | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13546 | 1 Ccash Project | 1 Ccash | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CCASH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13550 | 1 Coquinhoerc20 Project | 1 Coquinhoerc20 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13551 | 1 Bgamecoin Project | 1 Bgamecoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Bgamecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13549 | 1 Neurotoken | 1 Neurotoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13560 | 1 Kelvintoken Project | 1 Kelvintoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13561 | 1 Eth033 Project | 1 Eth033 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13562 | 1 Bmvcoin | 1 Bmvcoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for BMVCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13567 | 1 Sdr22 Project | 1 Sdr22 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SDR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13569 | 1 Yaofache | 1 Hittoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13568 | 1 Mktcoin | 1 Mktcoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MktCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13566 | 1 Retainly | 1 Retntoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for RETNToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13570 | 1 Kktestcoin1 Project | 1 Kktestcoin1 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mint function of a smart contract implementation for kkTestCoin1 (KTC1), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13579 | 1 Forevercoin Project | 1 Forevercoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ForeverCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13580 | 1 Providencecasino Project | 1 Providencecasino | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13575 | 1 Yestoken Project | 1 Yestoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for YESToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13582 | 1 My2token Project | 1 My2token | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13583 | 1 Shmoo Project | 1 Shmoo | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13585 | 1 Cherrycoin Project | 1 Cherrycoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CHERRYCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13586 | 1 Nectarcoin Project | 1 Nectarcoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13588 | 1 Code47 | 1 Code47 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13589 | 1 Mooadvtoken Project | 1 Mooadvtoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MooAdvToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||