Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8008 | 1 Apache | 1 Storm | 2018-07-20 | 5.8 MEDIUM | 5.5 MEDIUM |
| Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. | |||||
| CVE-2018-11518 | 1 Hcltech | 2 Legacy Ivr, Legacy Ivr Firmware | 2018-07-20 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece). | |||||
| CVE-2018-7943 | 1 Huawei | 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more | 2018-07-20 | 6.5 MEDIUM | 8.8 HIGH |
| There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege. | |||||
| CVE-2018-6591 | 1 Conversejs | 1 Converse.js | 2018-07-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended. For example, users might have an expectation that chatroom bookmarks are private, but the various interacting software components do not necessarily make that happen. | |||||
| CVE-2018-11678 | 1 Monstra | 1 Monstra Cms | 2018-07-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie. | |||||
| CVE-2018-11548 | 1 Block | 1 Eos | 2018-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address. | |||||
| CVE-2018-11692 | 1 Canon | 8 Lbp3370, Lbp3370 Firmware, Lbp3460 and 5 more | 2018-07-20 | 10.0 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation. | |||||
| CVE-2018-12066 | 1 Bird Project | 1 Bird | 2018-07-20 | 2.1 LOW | 5.5 MEDIUM |
| BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc. | |||||
| CVE-2015-9240 | 1 Keystonejs | 1 Keystone | 2018-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| Due to a bug in the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in. | |||||
| CVE-2018-10813 | 1 Aprendecondedos | 1 Dedos-web | 2018-07-20 | 7.5 HIGH | 7.3 HIGH |
| In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation. | |||||
| CVE-2018-10966 | 1 Gamerpolls | 1 Gamerpolls | 2018-07-20 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret. | |||||
| CVE-2018-10751 | 1 Samsung | 1 Samsung Mobile | 2018-07-20 | 5.4 MEDIUM | 5.3 MEDIUM |
| A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463. | |||||
| CVE-2017-16038 | 1 F2e-server Project | 1 F2e-server | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run. | |||||
| CVE-2018-13668 | 1 Btpcoin Project | 1 Btpcoin | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for BTPCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13669 | 1 Ncu Project | 1 Ncu | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13671 | 1 Dinsteincoin Project | 1 Dinsteincoin | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for DinsteinCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13672 | 1 Obtcoin Project | 1 Obtcoin | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for OBTCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13673 | 1 Goldtokenerc20 Project | 1 Goldtokenerc20 | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13674 | 1 Combilladvancedtoken Project | 1 Combilladvancedtoken | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13675 | 1 Yambyo Project | 1 Yambyo | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for YAMBYO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13677 | 1 Goochain Project | 1 Goochain | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Goochain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13678 | 1 Lottery Project | 1 Lottery | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Lottery, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13679 | 1 Zpecoin Project | 1 Zpecoin | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ZPEcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13680 | 1 Lexittoken Project | 1 Lexittoken | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13681 | 1 Soscoin Project | 1 Soscoin | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SOSCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13683 | 1 Exsulcoin Project | 1 Exsulcoin | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for exsulcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13684 | 1 Zip Project | 1 Zip | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13685 | 1 Vornoxcointoken Project | 1 Vornoxcointoken | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13687 | 1 Normikaivo Project | 1 Normikaivo | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13688 | 1 Malltoken Project | 1 Malltoken | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MallToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13689 | 1 Cjxtoken Project | 1 Cjxtoken | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CJXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13690 | 1 Instacocoa Project | 1 Instacocoa | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Instacocoa, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13691 | 1 Rtokenmain Project | 1 Rtokenmain | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13692 | 1 Mehditazitoken Project | 1 Mehditazitoken | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MehdiTAZIToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13693 | 1 Greenenergytoken Project | 1 Greenenergytoken | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13694 | 1 Gmile Project | 1 Gmile | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13695 | 1 Ctest7 Project | 1 Ctest7 | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mint function of a smart contract implementation for CTest7, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13696 | 1 Redticket Project | 1 Redticket | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for RedTicket, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13697 | 1 Robotbtc Project | 1 Robotbtc | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for RobotBTC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13698 | 1 Play2livepromo Project | 1 Play2livepromo | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13700 | 1 Ipmcoin Project | 1 Ipmcoin | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for IPMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13682 | 1 Vitemoneycoin Project | 1 Vitemoneycoin | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ViteMoneyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2017-16198 | 1 Ritp Project | 1 Ritp | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible. | |||||
| CVE-2014-2532 | 2 Openbsd, Oracle | 2 Openssh, Communications User Data Repository | 2018-07-19 | 5.8 MEDIUM | 4.9 MEDIUM |
| sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. | |||||
| CVE-2014-9746 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2018-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. | |||||
| CVE-2015-0204 | 1 Openssl | 1 Openssl | 2018-07-19 | 4.3 MEDIUM | N/A |
| The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. | |||||
| CVE-2015-3414 | 4 Apple, Canonical, Debian and 1 more | 5 Mac Os X, Watchos, Ubuntu Linux and 2 more | 2018-07-19 | 7.5 HIGH | N/A |
| SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. | |||||
| CVE-2015-3415 | 4 Apple, Canonical, Debian and 1 more | 5 Mac Os X, Watchos, Ubuntu Linux and 2 more | 2018-07-19 | 7.5 HIGH | N/A |
| The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. | |||||
| CVE-2015-3416 | 4 Apple, Canonical, Debian and 1 more | 5 Mac Os X, Watchos, Ubuntu Linux and 2 more | 2018-07-19 | 7.5 HIGH | N/A |
| The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. | |||||
| CVE-2016-2106 | 2 Openssl, Redhat | 8 Openssl, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. | |||||
