Search
Total
1941 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14003 | 1 Wmctoken Project | 1 Wmctoken | 2019-10-11 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance. | |||||
| CVE-2018-13743 | 1 Sectoken Project | 1 Sectoken | 2019-10-10 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SuperEnergy (SEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2019-9139 | 1 Datools | 1 Daviewindy | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2019-6753 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Stuff method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7561. | |||||
| CVE-2019-11476 | 1 Canonical | 1 Ubuntu Linux | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process. | |||||
| CVE-2019-10142 | 1 Linux | 1 Linux Kernel | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security affects. | |||||
| CVE-2018-10921 | 1 Ttembed Project | 1 Ttembed | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fgetc/fputc function calls. | |||||
| CVE-2017-9282 | 1 Microfocus | 1 Visibroker | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | |||||
| CVE-2017-7482 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Mrg | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. | |||||
| CVE-2017-17409 | 1 Bitdefender | 1 Internet Security 2018 | 2019-10-09 | 9.3 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102. | |||||
| CVE-2017-17408 | 1 Bitdefender | 1 Internet Security 2018 | 2019-10-09 | 9.3 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101. | |||||
| CVE-2017-12177 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12179 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-10954 | 1 Bitdefender | 1 Internet Security 2018 | 2019-10-09 | 9.3 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361. | |||||
| CVE-2016-8620 | 1 Haxx | 1 Curl | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | |||||
| CVE-2016-2120 | 2 Debian, Powerdns | 2 Debian Linux, Authoritative | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary. | |||||
| CVE-2015-5297 | 1 Pixman | 1 Pixman | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code. | |||||
| CVE-2019-16508 | 1 Google | 1 Chrome Os | 2019-10-08 | 9.3 HIGH | 7.8 HIGH |
| The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate. | |||||
| CVE-2018-13709 | 1 Diytubecoin Project | 1 Diytubecoin | 2019-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Tube, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13699 | 1 Destineedtoken Project | 1 Destineedtoken | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13670 | 1 Gfcoin | 1 Gfcb | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13169 | 1 Ethereum Cash Pro Coin Project | 1 Ethereum Cash Pro Coin | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13170 | 1 Snoqualmiecoin Project | 1 Snoqualmiecoin | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13181 | 1 Cointroops Project | 1 Cointroops | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13176 | 1 Trustzen Project | 1 Trustzen | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13177 | 1 Miningrigrentalstoken Project | 1 Miningrigrentalstoken | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13179 | 1 Aircontacttoken Project | 1 Aircontacttoken | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13180 | 1 Immcoin Project | 1 Immcoin | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13194 | 1 Ttcoin Project | 1 Ttcoin | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13183 | 1 Jwctoken Project | 1 Jwctoken | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13195 | 1 Cranooadvanced Project | 1 Cranooadvanced | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13686 | 1 Icodollar Project | 1 Icodollar | 2019-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13676 | 1 Orderbookpresaletoken Project | 1 Orderbookpresaletoken | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Orderbook Presale Token (OBP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13187 | 1 Cibnliveinteractive Project | 1 Cibnliveinteractive | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13178 | 1 Ecpoints Project | 1 Ecpoints | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13191 | 1 Supercarboncoin Project | 1 Supercarboncoin | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2017-7542 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. | |||||
| CVE-2017-16797 | 1 Swftools | 1 Swftools | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file. | |||||
| CVE-2018-11985 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer. | |||||
| CVE-2018-12062 | 1 Swft | 1 Swftcoin | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | |||||
| CVE-2018-12063 | 1 Intchain | 1 Node Token | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | |||||
| CVE-2018-5907 | 1 Google | 1 Android | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | |||||
| CVE-2018-12067 | 1 Substratum | 1 Substratum | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | |||||
| CVE-2018-12068 | 1 Tgtcoins | 1 Target Coin | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | |||||
| CVE-2018-11826 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler. | |||||
| CVE-2018-12070 | 1 Sec Project | 1 Sec | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. | |||||
| CVE-2018-11446 | 1 Gold Reward Project | 1 Gold Reward | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The buy function of a smart contract implementation for Gold Reward (GRX), an Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the buyer because of overflow of the multiplication of its argument amount and a manipulable variable buyPrice, aka the "tradeTrap" issue. | |||||
| CVE-2017-9835 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. | |||||
| CVE-2017-9690 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow. | |||||
| CVE-2017-9196 | 1 Autotrace Project | 1 Autotrace | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7. | |||||