Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13642 | 1 Secoin Project | 1 Secoin | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SECoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13643 | 1 Gcrtokenerc20 Project | 1 Gcrtokenerc20 | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GCRTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13644 | 1 Royalclassiccoin Project | 1 Royalclassiccoin | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13638 | 1 Bitpark Project | 1 Bitpark | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Bitpark, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13639 | 1 Veu Tokenerc20 Project | 1 Veu Tokenerc20 | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13640 | 1 Ethereumsmart Project | 1 Ethereumsmart | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for EthereumSmart, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13636 | 1 Turdcoin Project | 1 Turdcoin | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for TurdCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13637 | 1 Cikkaa | 1 Cikkacoin | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CikkaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13847 | 1 Axiosys | 1 Bento4 | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp. | |||||
| CVE-2018-13848 | 1 Axiosys | 1 Bento4 | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp. | |||||
| CVE-2018-11335 | 1 Genesis Vision | 1 Gvtoken | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | |||||
| CVE-2018-1000505 | 1 Tooltipy | 1 Tooltipy | 2018-08-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Tooltipy (tooltips for WP) version 5 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that could allow anybody to duplicate posts. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been fixed in 5.1. | |||||
| CVE-2018-1000506 | 1 Mediaron | 1 Metronet Tag Manager | 2018-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page /wp-admin/options-general.php?page=metronet-tag-manager that allows anybody to do almost anything an admin can. This attack appears to be exploitable when a logged-in user follows a link. This vulnerability appears to have been fixed in 1.2.9. | |||||
| CVE-2018-1000507 | 1 Jjj | 1 Wp User Groups | 2018-08-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| WP User Groups version 2.0.0 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page that allows anybody to modify user groups and types. This attack appears to be exploitable when an admin clicks on a link. This vulnerability appears to have been fixed in 2.1.1. | |||||
| CVE-2018-13184 | 1 Travelzeditoken Project | 1 Travelzeditoken | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-1000501 | 1 Instant-update | 1 Instant Update Cms | 2018-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| Instant Update CMS contains a Password Reset vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Takeover. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in v0.3.3. | |||||
| CVE-2012-1790 | 1 Webgrind Project | 1 Webgrind | 2018-08-30 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php. | |||||
| CVE-2015-8767 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-08-30 | 4.9 MEDIUM | 6.2 MEDIUM |
| net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. | |||||
| CVE-2016-2053 | 1 Linux | 1 Linux Kernel | 2018-08-30 | 4.7 MEDIUM | 4.7 MEDIUM |
| The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. | |||||
| CVE-2017-8890 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-08-30 | 7.2 HIGH | 7.8 HIGH |
| The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. | |||||
| CVE-2018-12903 | 1 Cyberark | 1 Endpoint Privilege Manager | 2018-08-30 | 3.5 LOW | 5.4 MEDIUM |
| In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | |||||
| CVE-2018-10075 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2018-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | |||||
| CVE-2018-12255 | 1 Invoiceplane | 1 Invoiceplane | 2018-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field. | |||||
| CVE-2018-1000528 | 2 Debian, Gonicus | 2 Debian Linux, Gosa | 2018-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in the change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appears to be exploitable when the victim opens a specially crafted web page. This vulnerability appears to have been fixed after commit 56070d6289d47ba3f5918885954dcceb75606001. | |||||
| CVE-2018-1000526 | 1 Openpsa2 | 1 Openpsa | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Openpsa contains an XML Injection vulnerability in the RSS file upload feature that can result in remote denial of service. This attack appears to be exploitable via a specially crafted XML file. This vulnerability appears to have been fixed after commit 4974a26. | |||||
| CVE-2015-9265 | | | 2018-08-30 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-14622. Reason: This candidate is a reservation duplicate of CVE-2018-14622. Notes: All CVE users should reference CVE-2018-14622 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2018-1000516 | 1 Galaxyproject | 1 Galaxy | 2018-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability: many templates used in the Galaxy server did not properly sanitize user input, which would allow for cross-site scripting (XSS) attacks. In this form of attack, a malicious person can create a URL which, when opened by a Galaxy user or administrator, would allow the malicious user to execute arbitrary JavaScript. This can result in arbitrary JavaScript code execution. This attack appears to be exploitable when the victim interacts with a component on a page which contains injected JavaScript code. This vulnerability appears to have been fixed in v14.10.1, v15.01. | |||||
| CVE-2018-12927 | 1 Northernnep | 2 Northern Electric & Power Inverter, Northern Electric & Power Inverter Firmware | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. | |||||
| CVE-2018-12926 | 1 Pharoscontrols | 2 Pharos, Pharos Firmware | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. | |||||
| CVE-2018-12702 | 1 Gve | 1 Globalvillage Ecosystem | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | |||||
| CVE-2018-12703 | 1 Block18 | 1 Block18 | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The approveAndCallcode function of a smart contract implementation for Block 18 (18T), a tradable Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability." | |||||
| CVE-2018-12705 | 1 Digisol | 2 Dg-br4000ng, Dg-br4000ng Firmware | 2018-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). | |||||
| CVE-2018-12706 | 1 Digisol | 2 Dg-br4000ng, Dg-br4000ng Firmware | 2018-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header. | |||||
| CVE-2018-11046 | 1 Pivotal Software | 1 Operations Manager | 2018-08-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager. | |||||
| CVE-2018-11587 | 1 Centreon | 2 Centreon, Centreon Web | 2018-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | |||||
| CVE-2018-0563 | 1 Ntt-east | 2 Flet's Virus Clear Easy Setup & Application Tool, Flet's Virus Clear V6 Easy Setup & Application Tool | 2018-08-30 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-12735 | 1 Saj-electric | 1 Saj Solar Inverter | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverter_info.htm or english_main.htm URI. | |||||
| CVE-2018-13576 | 1 Juntspercreixer | 1 Juntspercreixer | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Escut (ESCT) (Contract Name: JuntsPerCreixer), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13577 | 1 Advancedshit Project | 1 Advancedshit | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13578 | 1 Galaxycoin Project | 1 Galaxycoin | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GalaxyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13584 | 1 Yasudem Project | 1 Yasudem | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for yasudem, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13587 | 1 Dectoken Project | 1 Dectoken | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13593 | 1 Osscardtoken Project | 1 Osscardtoken | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CardToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13594 | 1 Cardfactory Project | 1 Cardfactory | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CardFactory, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13595 | 1 Bitstore Project | 1 Bitstore | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for BitStore, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13596 | 1 Testahihi Project | 1 Testahihi | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for TESTAhihi, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13597 | 1 Testcoin Project | 1 Testcoin | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13625 | 1 Plutocracy | 1 Krown | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintlvlToken function of a smart contract implementation for Krown, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13624 | 1 Wxsltoken Project | 1 Wxsltoken | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for WXSLToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13645 | 1 Fiocoin Project | 1 Fiocoin | 2018-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Fiocoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
