Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000606 | 1 Jenkins | 1 Urltrigger | 2018-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||
| CVE-2018-1000604 | 1 Jenkins | 1 Badge | 2018-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
| CVE-2018-13129 | 1 Sp8de | 1 Sp8de | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | |||||
| CVE-2018-1000538 | 1 Minio | 1 Minio | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains an Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can result in Denial of Service. This attack appears to be exploitable via sending V4-(pre)signed requests with large bodies. This vulnerability appears to have been fixed after commit 9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7. | |||||
| CVE-2018-13130 | 1 Bitotal | 1 Bitotal | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | |||||
| CVE-2018-13131 | 1 Spadepresale Project | 1 Spadepresale | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | |||||
| CVE-2018-13132 | 1 Spadeico Project | 1 Spadeico | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | |||||
| CVE-2018-13225 | 1 Myylc Project | 1 Myylc | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2018-13227 | 1 Moneychainnet Project | 1 Moneychainnet | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2018-13228 | 1 Crowdnext Project | 1 Crowdnext | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2018-13229 | 1 Riptidecoin Project | 1 Riptidecoin | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2018-13230 | 1 Destineed Project | 1 Destineed | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2018-13231 | 1 Entertoken Project | 1 Entertoken | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2018-13113 | 1 Easy Trading Token Project | 1 Easy Trading Token | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. | |||||
| CVE-2018-13232 | 1 Entercoin Project | 1 Entercoin | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2018-13233 | 1 Gsi Project | 1 Gsi | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2018-13144 | 1 Pandora Project | 1 Pandora | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. | |||||
| CVE-2018-13145 | 1 Javaswaptest Project | 1 Javaswaptest | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow. | |||||
| CVE-2018-13068 | 1 Azuriontoken Project | 1 Azuriontoken | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13069 | 1 Dychain Project | 1 Dychain | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13070 | 1 Encryptedtoken Project | 1 Encryptedtoken | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13072 | 1 Coffeecoin Project | 1 Coffeecoin | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13073 | 1 Ethereumblack Project | 1 Ethereumblack | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13146 | 1 Lef Project | 1 Lef | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow. | |||||
| CVE-2018-13074 | 1 Fibtoken Project | 1 Fibtoken | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13076 | 1 Betcash Project | 1 Betcash | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13077 | 1 Ctb Project | 1 Ctb | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13078 | 1 Jitech Project | 1 Jitech | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13079 | 1 Goodto Project | 1 Goodto | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13080 | 1 Goutex Project | 1 Goutex | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13085 | 1 Freecoin Project | 1 Freecoin | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13086 | 1 Iadowr Project | 1 Iadowr | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13089 | 1 Ucointoken Project | 1 Ucointoken | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13090 | 1 Yitongcoin Project | 1 Yitongcoin | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13091 | 1 Sumocoin Project | 1 Sumocoin | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13092 | 1 Reimbursetoken Project | 1 Reimbursetoken | 2018-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-12557 | 1 Zuul-ci | 1 Zuul | 2018-08-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. | |||||
| CVE-2018-11537 | 1 Auth0 | 1 Angular-jwt | 2018-08-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. | |||||
| CVE-2018-3752 | 1 Merge-options Project | 1 Merge-options | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3749 | 1 Deap Project | 1 Deap | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-3750 | 1 Deep Extend Project | 1 Deep Extend | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | |||||
| CVE-2018-13408 | 1 Jirafeau | 1 Jirafeau | 2018-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | |||||
| CVE-2018-13409 | 1 Jirafeau | 1 Jirafeau | 2018-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | |||||
| CVE-2018-13407 | 1 Jirafeau | 1 Jirafeau | 2018-08-23 | 5.5 MEDIUM | 4.9 MEDIUM |
| A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. | |||||
| CVE-2018-13116 | 1 Zzcms | 1 Zzcms | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| /user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. | |||||
| CVE-2012-1675 | 1 Oracle | 1 Database Server | 2018-08-23 | 7.5 HIGH | N/A |
| The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison." | |||||
| CVE-2017-16859 | 1 Atlassian | 2 Crucible, Fisheye | 2018-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter. | |||||
| CVE-2017-9312 | 1 Rockwellautomation | 2 Allen-bradley L30erms, Allen-bradley L30erms Firmware | 2018-08-23 | 7.8 HIGH | 7.5 HIGH |
| Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately. | |||||
| CVE-2018-14443 | 1 Gnu | 1 Libredwg | 2018-08-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV). | |||||
| CVE-2018-7773 | 1 Schneider-electric | 1 U.motion Builder | 2018-08-23 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter. | |||||
