Total: 49350 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13091 | 1 Sumocoin Project | 1 Sumocoin | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13092 | 1 Reimbursetoken Project | 1 Reimbursetoken | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2017-9312 | 1 Rockwellautomation | 2 Allen-bradley L30erms, Allen-bradley L30erms Firmware | 2018-08-23 | 7.8 HIGH | 7.5 HIGH |
| Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately. | |||||
| CVE-2018-7773 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter. | |||||
| CVE-2018-8030 | 1 Apache | 1 Qpid Broker-j | 2018-08-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected. | |||||
| CVE-2018-7769 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. | |||||
| CVE-2018-7767 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter. | |||||
| CVE-2018-7774 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter. | |||||
| CVE-2018-7766 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. | |||||
| CVE-2018-7768 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-21 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter. | |||||
| CVE-2018-8802 | 1 Unisys | 2 Clearpath Eportal Manager, Eportal-2200 | 2018-08-21 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in the management interface in ePortal Manager allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2018-0569 | 1 Basercms | 1 Basercms | 2018-08-21 | 6.5 MEDIUM | 8.8 HIGH |
| baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-13021 | 1 Hongcms Project | 1 Hongcms | 2018-08-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. | |||||
| CVE-2018-0584 | 1 Iij | 1 Smartkey | 2018-08-21 | 5.0 MEDIUM | 7.5 HIGH |
| IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors. | |||||
| CVE-2018-10658 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2018-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar. | |||||
| CVE-2018-10663 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2018-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in multiple models of Axis IP Cameras. There is an Incorrect Size Calculation. | |||||
| CVE-2018-10664 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2018-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the httpd process in multiple models of Axis IP Cameras. There is Memory Corruption. | |||||
| CVE-2018-10659 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2018-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction. | |||||
| CVE-2018-1000540 | 1 Loboevolution Project | 1 Loboevolution | 2018-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, or server-side request forgery. This attack appears to be exploitable via a specially crafted XML file. | |||||
| CVE-2018-12712 | 1 Joomla | 1 Joomla! | 2018-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. | |||||
| CVE-2018-1000515 | 1 News-articles Project | 1 News-articles | 2018-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| ventrian News-Articles version NewsArticles.00.09.11 contains an XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can allow an attacker to read any file on the server or use an smbrelay attack to access the server. | |||||
| CVE-2018-12912 | 1 Hongcms Project | 1 Hongcms | 2018-08-20 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI. | |||||
| CVE-2018-12589 | 1 Polarisoffice | 1 Polaris Office 2017 | 2018-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. | |||||
| CVE-2018-1000548 | 1 Umlet | 1 Umlet | 2018-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| Umlet version < 14.3 contains an XML External Entity (XXE) vulnerability in file parsing that can result in disclosure of confidential data, denial of service, or server-side request forgery. This attack appears to be exploitable via a specially crafted UXF file. This vulnerability appears to have been fixed in 14.3. | |||||
| CVE-2018-1000546 | 1 Triplea-game | 1 Triplea | 2018-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| Triplea version <= 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in importing game data that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted game data file (XML). | |||||
| CVE-2018-1000542 | 1 Netbeans-mmd-plugin Project | 1 Netbeans-mmd-plugin | 2018-08-20 | 6.8 MEDIUM | 7.8 HIGH |
| netbeans-mmd-plugin version <= 1.4.3 contains an XML External Entity (XXE) vulnerability in MMD file import that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted MMD file. | |||||
| CVE-2018-12999 | 1 Zohocorp | 1 Manageengine Desktop Central | 2018-08-20 | 6.4 MEDIUM | 7.5 HIGH |
| Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | |||||
| CVE-2018-12995 | 1 Onefilecms | 1 Onefilecms | 2018-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | |||||
| CVE-2018-12994 | 1 Onefilecms | 1 Onefilecms | 2018-08-20 | 6.5 MEDIUM | 8.8 HIGH |
| onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | |||||
| CVE-2018-12988 | 1 Greencms | 1 Greencms | 2018-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. | |||||
| CVE-2017-14650 | 1 Horde | 1 Horde Image Api | 2018-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line. | |||||
| CVE-2017-9774 | 1 Horde | 1 Horde Image Api | 2018-08-18 | 6.5 MEDIUM | 8.8 HIGH |
| Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | |||||
| CVE-2017-16837 | 1 Trusted Boot Project | 1 Trusted Boot | 2018-08-17 | 4.6 MEDIUM | 7.8 HIGH |
| Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. | |||||
| CVE-2018-13161 | 1 Multigames Project | 1 Multigames | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13160 | 1 Etktokens Project | 1 Etktokens | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13155 | 1 Gemchain Project | 1 Gemchain | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13157 | 1 Cryptonitexcoin Project | 1 Cryptonitexcoin | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13158 | 1 Assettoken Project | 1 Assettoken | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13156 | 1 Bonustoken Project | 1 Bonustoken | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13159 | 1 Bankcoin Project | 1 Bankcoin | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13171 | 1 Ladatoken Project | 1 Ladatoken | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13172 | 1 Bzxcoin Project | 1 Bzxcoin | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13164 | 1 Eppcoin Project | 1 Eppcoin | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13167 | 1 Yu Gi Oh Project | 1 Yu Gi Oh | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13165 | 1 Justdcoin Project | 1 Justdcoin | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13166 | 1 Athleticoin Project | 1 Athleticoin | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13168 | 1 Netkillerbatchtoken Project | 1 Netkillerbatchtoken | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13162 | 1 Alex Project | 1 Alex | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13163 | 1 Ethernet Cash Project | 1 Ethernet Cash | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13174 | 1 Cryptoabs Project | 1 Cryptoabs | 2018-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
