Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2109 | 2 Openssl, Redhat | 8 Openssl, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2018-07-19 | 7.8 HIGH | 7.5 HIGH |
| The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. | |||||
| CVE-2016-2176 | 1 Openssl | 1 Openssl | 2018-07-19 | 6.4 MEDIUM | 8.2 HIGH |
| The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. | |||||
| CVE-2016-3506 | 1 Oracle | 1 Jdbc | 2018-07-19 | 6.8 MEDIUM | 8.1 HIGH |
| Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3, and 15.0.1; the Oracle Retail Workforce Management 1.60.7, and 1.64.0; the Oracle Retail Clearance Optimization Engine 13.4; the Oracle Retail Markdown Optimization 13.4 and 14.0; and Oracle Retail Merchandising System 16.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2016-9878 | 1 Pivotal Software | 1 Spring Framework | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. | |||||
| CVE-2017-13218 | 1 Google | 1 Android | 2018-07-19 | 4.7 MEDIUM | 4.7 MEDIUM |
| Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845. | |||||
| CVE-2017-6074 | 1 Linux | 1 Linux Kernel | 2018-07-19 | 7.2 HIGH | 7.8 HIGH |
| The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. | |||||
| CVE-2018-13712 | 1 Pmet Project | 1 Pmet | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for PMET, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13713 | 1 Tradesman Project | 1 Tradesman | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Tradesman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13714 | 1 Cm Project | 1 Cm | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13703 | 1 Cerb Coin Project | 1 Cerb Coin | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CERB_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13704 | 1 Eddtoken Project | 1 Eddtoken | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for eddToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13705 | 1 Pmhtoken Project | 1 Pmhtoken | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for PMHToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13706 | 1 Ideacoin Project | 1 Ideacoin | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for IdeaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13707 | 1 Yss Project | 1 Yss | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for YSS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13708 | 1 Buytoken Project | 1 Buytoken | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Order (ETH) (Contract Name: BuyToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13710 | 1 Mjolnir Project | 1 Mjolnir | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Mjolnir, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13711 | 1 Databits Project | 1 Databits | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13701 | 1 Kissme Project | 1 Kissme | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for KissMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13702 | 1 Essence Project | 1 Essence | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Essence, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-11715 | 1 Recent Threads Project | 1 Recent Threads | 2018-07-18 | 3.5 LOW | 5.4 MEDIUM |
| The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. | |||||
| CVE-2018-1000198 | 1 Jenkins | 1 Black Duck Hub | 2018-07-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML external entities in an XML document. | |||||
| CVE-2018-1000202 | 1 Jenkins | 1 Groovy Postbuild | 2018-07-18 | 3.5 LOW | 5.4 MEDIUM |
| A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
| CVE-2018-1000196 | 1 Jenkins | 1 Gitlab Hook | 2018-07-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token. | |||||
| CVE-2018-1000190 | 1 Jenkins | 1 Black Duck Hub | 2018-07-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2018-1000188 | 1 Jenkins | 1 Cas | 2018-07-18 | 5.5 MEDIUM | 5.4 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||
| CVE-2018-1000187 | 1 Jenkins | 1 Kubernetes | 2018-07-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. | |||||
| CVE-2018-1000186 | 1 Jenkins | 1 Github Pull Request Builder | 2018-07-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2018-1000185 | 1 Jenkins | 1 Github Branch Source | 2018-07-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||
| CVE-2018-1000184 | 1 Jenkins | 1 Github | 2018-07-18 | 5.5 MEDIUM | 5.4 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||
| CVE-2018-1000183 | 1 Jenkins | 1 Github | 2018-07-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2018-1000182 | 1 Jenkins | 1 Git | 2018-07-18 | 5.5 MEDIUM | 6.4 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||
| CVE-2018-3756 | 1 Hyperledger | 1 Iroha | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures. | |||||
| CVE-2018-13738 | 1 Pelocointoken Project | 1 Pelocointoken | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for PELOCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13739 | 1 Dopnetwork Project | 1 Dopnetwork | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for dopnetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13740 | 1 Onechain Project | 1 Onechain | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for OneChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13741 | 1 Ablgenesistoken Project | 1 Ablgenesistoken | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ABLGenesisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13742 | 1 Tickets Project | 1 Tickets | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for tickets (TKT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13744 | 1 Crowdnext Project | 1 Crowdnext | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13745 | 1 Stctoken Project | 1 Stctoken | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for STCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13746 | 1 Kbit Project | 1 Kbit | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for kBit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13733 | 1 Projectj Project | 1 Projectj | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ProjectJ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13734 | 1 Azttoken Project | 1 Azttoken | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for AZTToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13735 | 1 Entertoken Project | 1 Entertoken | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13736 | 1 Elearningcoinerc Project | 1 Elearningcoinerc | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ELearningCoinERC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13737 | 1 Anovabace Project | 1 Anovabace | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for AnovaBace, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13715 | 1 Bpstoken Project | 1 Bpstoken | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for BpsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13732 | 1 Riptidecoin Project | 1 Riptidecoin | 2018-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13303 | 1 Ffmpeg | 1 Ffmpeg | 2018-07-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | |||||
| CVE-2018-13301 | 1 Ffmpeg | 1 Ffmpeg | 2018-07-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | |||||
| CVE-2015-3218 | 1 Polkit Project | 1 Polkit | 2018-07-18 | 2.1 LOW | N/A |
| The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. | |||||
