Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8046 | 1 Sencha | 1 Ext Js | 2018-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data. | |||||
| CVE-2018-5838 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2018-09-04 | 4.6 MEDIUM | 7.8 HIGH |
| Improper Validation of Array Index: in the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. | |||||
| CVE-2018-8324 | 1 Microsoft | 2 Edge, Windows 10 | 2018-09-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325. | |||||
| CVE-2013-0589 | 1 Ibm | 1 Inotes | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371. | |||||
| CVE-2013-0594 | 1 Ibm | 1 Inotes | 2018-09-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383. | |||||
| CVE-2018-5891 | 1 Qualcomm | 30 Msm8909w, Msm8909w Firmware, Msm8996au and 27 more | 2018-09-04 | 4.6 MEDIUM | 8.4 HIGH |
| While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear. | |||||
| CVE-2013-0592 | 1 Ibm | 1 Inotes | 2018-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815. | |||||
| CVE-2018-13388 | 1 Atlassian | 2 Crucible, Fisheye | 2018-09-04 | 3.5 LOW | 5.4 MEDIUM |
| The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. | |||||
| CVE-2013-2972 | 1 Ibm | 1 Websphere Cast Iron Cloud Integration | 2018-09-04 | 7.8 HIGH | 7.5 HIGH |
| IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868. | |||||
| CVE-2018-3751 | 1 Umbraengineering | 1 Merge-recursive | 2018-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-12571 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2018-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. | |||||
| CVE-2018-13054 | 2 Debian, Linuxmint | 2 Debian Linux, Cinnamon | 2018-09-04 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content. | |||||
| CVE-2018-8025 | 1 Apache | 1 Hbase | 2018-09-04 | 6.8 MEDIUM | 8.1 HIGH |
| CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be treated as an authenticated user. https://issues.apache.org/jira/browse/HBASE-20664 implements a fix for this issue. It has been fixed in versions: 1.2.6.1, 1.3.2.1, 1.4.5, 2.0.1. | |||||
| CVE-2018-13056 | 1 Zzcms | 1 Zzcms | 2018-09-04 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-13123 | 1 Onefilecms | 1 Onefilecms | 2018-09-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. | |||||
| CVE-2018-12575 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2018-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. | |||||
| CVE-2018-12574 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2018-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | |||||
| CVE-2018-5862 | 1 Google | 1 Android | 2018-09-04 | 4.6 MEDIUM | 7.8 HIGH |
| In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur. | |||||
| CVE-2018-12691 | 1 Onosproject | 1 Onos | 2018-09-04 | 4.3 MEDIUM | 6.8 MEDIUM |
| Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. | |||||
| CVE-2018-12018 | 1 Ethereum | 1 Go Ethereum | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. | |||||
| CVE-2018-13121 | 1 Realnetworks | 1 Realone Player | 2018-09-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file. | |||||
| CVE-2018-1000504 | 1 Redirection | 1 Redirection | 2018-09-04 | 9.0 HIGH | 7.2 HIGH |
| Redirection version 2.7.3 contains an ACE via file inclusion vulnerability in Pass-through mode that allows admins to execute any PHP file in the filesystem. This attack appears to be exploitable when the attacker has access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8. | |||||
| CVE-2018-1000614 | 1 Onosproject | 1 Onos | 2018-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| ONOS Controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can allow an adversary to remotely launch advanced XXE attacks on the ONOS controller without authentication. This attack appears to be exploitable via a crafted protocol message. | |||||
| CVE-2018-1000616 | 1 Onosproject | 1 Onos | 2018-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can allow an adversary to remotely launch XXE attacks on the ONOS controller via an OpenConfig Terminal Device. This attack appears to be exploitable via network connectivity. | |||||
| CVE-2017-0929 | 1 Dnnsoftware | 1 Dotnetnuke | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. | |||||
| CVE-2017-11088 | 1 Qualcomm | 28 Msm8909w, Msm8909w Firmware, Msm8996au and 25 more | 2018-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear. A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845. | |||||
| CVE-2017-0921 | 1 Gitlab | 1 Gitlab | 2018-09-04 | 6.8 MEDIUM | 8.1 HIGH |
| GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. | |||||
| CVE-2017-0919 | 1 Gitlab | 1 Gitlab | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. | |||||
| CVE-2018-13545 | 1 Hashshield Project | 1 Hashshield | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13546 | 1 Ccash Project | 1 Ccash | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CCASH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13547 | 1 Pve Project | 1 Pve | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13549 | 1 Neurotoken | 1 Neurotoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13550 | 1 Coquinhoerc20 Project | 1 Coquinhoerc20 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13551 | 1 Bgamecoin Project | 1 Bgamecoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Bgamecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13560 | 1 Kelvintoken Project | 1 Kelvintoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13561 | 1 Eth033 Project | 1 Eth033 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13562 | 1 Bmvcoin | 1 Bmvcoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for BMVCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13566 | 1 Retainly | 1 Retntoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for RETNToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13567 | 1 Sdr22 Project | 1 Sdr22 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SDR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13568 | 1 Mktcoin | 1 Mktcoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MktCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13569 | 1 Yaofache | 1 Hittoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13570 | 1 Kktestcoin1 Project | 1 Kktestcoin1 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mint function of a smart contract implementation for kkTestCoin1 (KTC1), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13575 | 1 Yestoken Project | 1 Yestoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for YESToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13579 | 1 Forevercoin Project | 1 Forevercoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ForeverCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13580 | 1 Providencecasino Project | 1 Providencecasino | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13582 | 1 My2token Project | 1 My2token | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13583 | 1 Shmoo Project | 1 Shmoo | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13585 | 1 Cherrycoin Project | 1 Cherrycoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CHERRYCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13586 | 1 Nectarcoin Project | 1 Nectarcoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13588 | 1 Code47 | 1 Code47 | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
