Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13589 | 1 Mooadvtoken Project | 1 Mooadvtoken | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MooAdvToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13590 | 1 Sipcoin | 1 Sipcoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SIPCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13591 | 1 Kapcoin Project | 1 Kapcoin | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for KAPcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13067 | 1 Opencart | 1 Opencart | 2018-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. | |||||
| CVE-2018-13592 | 1 Rajtestico Project | 1 Rajtestico | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for RajTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-3754 | 1 Query-mysql Project | 1 Query-mysql | 2018-09-04 | 6.5 MEDIUM | 8.8 HIGH |
| Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database. | |||||
| CVE-2017-16820 | 1 Collectd | 1 Collectd | 2018-09-04 | 10.0 HIGH | 9.8 CRITICAL |
| The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). | |||||
| CVE-2018-9998 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-09-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks. | |||||
| CVE-2018-13223 | 1 Rtokenmain Project | 1 Rtokenmain | 2018-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2018-11124 | 1 Opmantek | 1 Open-audit | 2018-09-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. | |||||
| CVE-2018-1000539 | 1 Json-jwt Project | 1 Json-jwt | 2018-09-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later. | |||||
| CVE-2018-11723 | 1 Libpff Project | 1 Libpff | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub. | |||||
| CVE-2018-11727 | 1 Libfsntfs Project | 1 Libfsntfs | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. | |||||
| CVE-2018-11728 | 1 Libfsntfs Project | 1 Libfsntfs | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. | |||||
| CVE-2018-11729 | 1 Libfsntfs Project | 1 Libfsntfs | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. | |||||
| CVE-2018-11730 | 1 Libfsntfs Project | 1 Libfsntfs | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. | |||||
| CVE-2018-11731 | 1 Libfsntfs Project | 1 Libfsntfs | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub. | |||||
| CVE-2018-12096 | 1 Liblnk Project | 1 Liblnk | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. | |||||
| CVE-2018-12097 | 1 Liblnk Project | 1 Liblnk | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. | |||||
| CVE-2018-12098 | 1 Liblnk Project | 1 Liblnk | 2018-09-01 | 1.9 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub. | |||||
| CVE-2018-11636 | 1 Dialogic | 1 Powermedia Xms | 2018-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. | |||||
| CVE-2018-13032 | 1 Ecessa | 2 Shieldlink Sl175ehq, Shieldlink Sl175ehq Firmware | 2018-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. | |||||
| CVE-2018-11643 | 1 Dialogic | 1 Powermedia Xms | 2018-08-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. | |||||
| CVE-2018-13106 | 1 Clippercms | 1 Clippercms | 2018-08-31 | 3.5 LOW | 4.8 MEDIUM |
| ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. | |||||
| CVE-2018-5528 | 1 F5 | 1 Big-ip Access Policy Manager | 2018-08-31 | 3.5 LOW | 5.3 MEDIUM |
| Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7. | |||||
| CVE-2018-13869 | 1 Hdfgroup | 1 Hdf5 | 2018-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c. | |||||
| CVE-2018-12907 | 1 Rclone | 1 Rclone | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue. | |||||
| CVE-2018-13472 | 1 Clouttoken Project | 1 Clouttoken | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| The mint function of a smart contract implementation for CloutToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13544 | 1 Numisma | 1 Numisma | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Numisma, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13476 | 1 Philcoin | 1 Philcoin | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for PhilCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13496 | 1 Rajtestico Project | 1 Rajtestico | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13541 | 1 Cryptoleu Project | 1 Cryptoleu | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CryptoLeu, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13542 | 1 Zibtoken | 1 Zibtoken | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-3840 | 1 Pixar | 1 Renderman | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | |||||
| CVE-2018-1000559 | 1 Qutebrowser | 1 Qutebrowser | 2018-08-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted <title> attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week). | |||||
| CVE-2018-1000537 | 1 Marlinfw | 1 Marlin Firmware | 2018-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. This attack appear to be exploitable via Crafted G-Code instruction/file is sent to the printer. | |||||
| CVE-2018-12921 | 1 Electroind | 2 Gaugetech Nexus, Gaugetech Nexus Firmware | 2018-08-31 | 5.0 MEDIUM | 7.5 HIGH |
| Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI. | |||||
| CVE-2014-9222 | 1 Allegrosoft | 1 Rompager | 2018-08-31 | 10.0 HIGH | N/A |
| AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability. | |||||
| CVE-2018-1000532 | 1 Beep Project | 1 Beep | 2018-08-30 | 1.9 LOW | 4.7 MEDIUM |
| beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep. | |||||
| CVE-2018-10076 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2018-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard). | |||||
| CVE-2018-1000531 | 1 Inversoft | 1 Prime-jwt | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header using 'none' as algorithm and a body to requests it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba. | |||||
| CVE-2018-13050 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | |||||
| CVE-2018-13049 | 1 Glpi-project | 1 Glpi | 2018-08-30 | 6.5 MEDIUM | 8.8 HIGH |
| The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. | |||||
| CVE-2018-13628 | 1 Momentumprotocol | 1 Momentumtoken | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MomentumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13629 | 1 Crimsonshilling Project | 1 Crimsonshilling | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CrimsonShilling, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13630 | 1 Doccoinpreico Project | 1 Doccoinpreico | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13631 | 1 Doc-coin | 1 Doccoin | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for doccoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13632 | 1 Nexpara Project | 1 Nexpara | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13633 | 1 Martcoin | 1 Martcoin | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Martcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13634 | 1 Mct | 1 Mediacubetoken | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||