Weekly Vulnerabilities Reports > July 2 to 8, 2018
Overview
441 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 72 high severity vulnerabilities. This weekly summary reports vulnerabilities in 475 products from 234 vendors including IBM, Google, Schneider Electric, Debian, and Qualcomm. Vulnerabilities are notably categorized as "Integer Overflow or Wraparound", "Cross-site Scripting", "Out-of-bounds Read", "Improper Input Validation", and "SQL Injection".
- 366 reported vulnerabilities are remotely exploitable.
- 15 reported vulnerabilities have a public exploit available.
- 120 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 357 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 46 reported vulnerabilities.
- Redhat has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
17 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-07-06 | CVE-2018-5855 | | Out-of-bounds Read vulnerability in Google Android While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur. | 10.0 |
2018-07-06 | CVE-2018-3608 | Trendmicro Microsoft | Code Injection vulnerability in Trendmicro products A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | 10.0 |
2018-07-06 | CVE-2018-3586 | | Integer Overflow or Wraparound vulnerability in Google Android An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 10.0 |
2018-07-03 | CVE-2018-4853 | Siemens | Unspecified vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). | 10.0 |
2018-07-03 | CVE-2018-13101 | Redswimmer | Unspecified vulnerability in Redswimmer Kiosksimple 1.4.7.0 KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. | 10.0 |
2018-07-08 | CVE-2018-13447 | Dolibarr | SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | 9.8 |
2018-07-06 | CVE-2018-13410 | Info ZIP Project | Use After Free vulnerability in Info-Zip Project ZIP 3.0 Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. | 9.8 |
2018-07-05 | CVE-2018-12976 | Godoc | Path Traversal vulnerability in Godoc GO DOC DOT ORG 20180627 In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution. | 9.8 |
2018-07-05 | CVE-2018-12910 | Gnome Canonical Debian Redhat Opensuse | Out-of-bounds Read vulnerability in multiple products The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. | 9.8 |
2018-07-03 | CVE-2018-11746 | Puppet | Insufficiently Protected Credentials vulnerability in Puppet Discovery 1.0.0/1.0.1/1.1.0 In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. | 9.8 |
2018-07-03 | CVE-2018-11316 | Sonos | Improper Input Validation vulnerability in Sonos Firmware The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. | 9.6 |
2018-07-03 | CVE-2018-11314 | Roku | Improper Input Validation vulnerability in Roku Firmware The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. | 9.6 |
2018-07-03 | CVE-2018-4854 | Siemens | Unspecified vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). | 9.3 |
2018-07-03 | CVE-2017-2615 | Qemu Redhat Citrix Debian XEN | Out-of-bounds Write vulnerability in multiple products Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. | 9.1 |
2018-07-03 | CVE-2018-11638 | Dialogic | Unrestricted Upload of File with Dangerous Type vulnerability in Dialogic Powermedia XMS Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. | 9.0 |
2018-07-02 | CVE-2018-1212 | Dell | Command Injection vulnerability in Dell Idrac6 Modular and Idrac6 Monolithic The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. | 9.0 |
2018-07-02 | CVE-2018-10843 | Redhat | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. | 9.0 |
72 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-07-06 | CVE-2018-13110 | Adbglobal | Incorrect Permission Assignment for Critical Resource vulnerability in Adbglobal products All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks. | 8.5 |
2018-07-05 | CVE-2018-10987 | Diqee | OS Command Injection vulnerability in Diqee Diqee360 Firmware An issue was discovered on Dongguan Diqee Diqee360 devices. | 8.5 |
2018-07-03 | CVE-2018-4851 | Siemens | Improper Input Validation vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). | 8.5 |
2018-07-06 | CVE-2018-5872 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur. | 8.3 |
2018-07-05 | CVE-2018-12520 | Ntop | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Ntop Ntopng 3.4 An issue was discovered in ntopng 3.4 before 3.4.180617. | 8.1 |
2018-07-05 | CVE-2018-3761 | Nextcloud | Improper Authentication vulnerability in Nextcloud Server Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. | 8.1 |
2018-07-02 | CVE-2018-8039 | Apache Redhat | Improper Handling of Exceptional Conditions vulnerability in multiple products It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. | 8.1 |
2018-07-06 | CVE-2018-5907 | | Integer Overflow or Wraparound vulnerability in Google Android Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 7.8 |
2018-07-06 | CVE-2018-3570 | | NULL Pointer Dereference vulnerability in Google Android In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference. | 7.8 |
2018-07-06 | CVE-2018-11304 | | Integer Overflow or Wraparound vulnerability in Google Android Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 7.8 |
2018-07-06 | CVE-2017-15851 | | Information Exposure vulnerability in Google Android Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel | 7.8 |
2018-07-06 | CVE-2018-5829 | | Out-of-bounds Read vulnerability in Google Android In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer over-read can potentially occur. | 7.8 |
2018-07-06 | CVE-2018-13406 | Linux Canonical Debian | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. | 7.8 |
2018-07-06 | CVE-2018-13405 | Linux Debian Canonical Fedoraproject Redhat F5 | Improper Privilege Management vulnerability in multiple products The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. | 7.8 |
2018-07-05 | CVE-2016-10724 | Bitcoin | Resource Exhaustion vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. | 7.8 |
2018-07-02 | CVE-2018-10874 | Redhat | Untrusted Search Path vulnerability in Redhat products In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | 7.8 |
2018-07-08 | CVE-2018-13450 | Dolibarr | SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | 7.5 |
2018-07-08 | CVE-2018-13449 | Dolibarr | SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | 7.5 |
2018-07-08 | CVE-2018-13448 | Dolibarr | SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | 7.5 |
2018-07-07 | CVE-2018-13421 | Fast CPP CSV Parser Project | Out-of-bounds Read vulnerability in Fast-Cpp-Csv-Parser Project Fast-Cpp-Csv-Parser Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h. | 7.5 |
2018-07-07 | CVE-2018-13420 | Gperftools Project | Missing Release of Resource after Effective Lifetime vulnerability in Gperftools Project Gperftools 2.7 Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. | 7.5 |
2018-07-06 | CVE-2018-5885 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear. | 7.5 |
2018-07-06 | CVE-2018-5882 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 7.5 |
2018-07-06 | CVE-2018-5878 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 7.5 |
2018-07-06 | CVE-2017-11088 | Qualcomm | SQL Injection vulnerability in Qualcomm products Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845. | 7.5 |
2018-07-06 | CVE-2018-13347 | Mercurial | Integer Overflow or Wraparound vulnerability in Mercurial mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | 7.5 |
2018-07-05 | CVE-2018-13052 | Cyberark | Unspecified vulnerability in Cyberark Endpoint Privilege Manager In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. | 7.5 |
2018-07-05 | CVE-2018-12571 | Microsoft | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Forefront Unified Access Gateway 2010 uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. | 7.5 |
2018-07-05 | CVE-2018-12113 | Coreftp | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Coreftp Core FTP 2.2 Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response. | 7.5 |
2018-07-05 | CVE-2018-13328 | PFG Project | Integer Overflow or Wraparound vulnerability in PFG Project PFG The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. | 7.5 |
2018-07-05 | CVE-2018-13327 | Chucunlingaigo Project | Integer Overflow or Wraparound vulnerability in Chucunlingaigo Project Chucunlingaigo The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. | 7.5 |
2018-07-05 | CVE-2018-13326 | Bittelux Project | Integer Overflow or Wraparound vulnerability in Bittelux Project Bittelux The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. | 7.5 |
2018-07-05 | CVE-2018-13325 | Boodskap | Integer Overflow or Wraparound vulnerability in Boodskap Growchain The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. | 7.5 |
2018-07-05 | CVE-2018-3766 | Buttle Project | Path Traversal vulnerability in Buttle Project Buttle Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. | 7.5 |
2018-07-05 | CVE-2018-8038 | Apache | Improper Input Validation vulnerability in Apache CXF Fediz Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. | 7.5 |
2018-07-05 | CVE-2018-13163 | Ethernet Cash Project | Integer Overflow or Wraparound vulnerability in Ethernet Cash Project Ethernet Cash The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 7.5 |
2018-07-05 | CVE-2018-13162 | Alex Project | Integer Overflow or Wraparound vulnerability in Alex Project Alex The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 7.5 |
2018-07-04 | CVE-2018-13146 | LEF Project | Integer Overflow or Wraparound vulnerability in LEF Project LEF The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow. | 7.5 |
2018-07-04 | CVE-2018-13145 | Javaswaptest Project | Integer Overflow or Wraparound vulnerability in Javaswaptest Project Javaswaptest The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow. | 7.5 |
2018-07-04 | CVE-2018-13144 | Pandora Project | Integer Overflow or Wraparound vulnerability in Pandora Project Pandora The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. | 7.5 |
2018-07-03 | CVE-2018-3753 | Merge Object Project | Improper Input Validation vulnerability in Merge-Object Project Merge-Object 0.1.0/1.0.0 The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. | 7.5 |
2018-07-03 | CVE-2018-3752 | Merge Options Project | Improper Input Validation vulnerability in Merge-Options Project Merge-Options 0.0.42/0.0.64/1.0.0 The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. | 7.5 |
2018-07-03 | CVE-2018-3751 | Umbraengineering | Improper Input Validation vulnerability in Umbraengineering Merge-Recursive The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. | 7.5 |
2018-07-03 | CVE-2018-3750 | Deep Extend Project | Improper Input Validation vulnerability in Deep Extend Project Deep Extend The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. | 7.5 |
2018-07-03 | CVE-2018-3749 | Deap Project | Improper Input Validation vulnerability in Deap Project Deap The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. | 7.5 |
2018-07-03 | CVE-2018-13116 | Zzcms | SQL Injection vulnerability in Zzcms 8.3. /user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. | 7.5 |
2018-07-03 | CVE-2018-13113 | Easy Trading Token Project | Integer Overflow or Wraparound vulnerability in Easy Trading Token Project Easy Trading Token The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. | 7.5 |
2018-07-03 | CVE-2018-11641 | Dialogic | Use of Hard-coded Credentials vulnerability in Dialogic Powermedia XMS Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service. | 7.5 |
2018-07-03 | CVE-2018-11635 | Dialogic | Use of Hard-coded Credentials vulnerability in Dialogic Powermedia XMS 3.5 Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication. | 7.5 |
2018-07-03 | CVE-2018-11052 | Dellemc | Improper Authentication vulnerability in Dellemc Elastic Cloud Storage 3.2.0.0/3.2.0.1 Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. | 7.5 |
2018-07-03 | CVE-2018-7785 | Schneider Electric | Command Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. | 7.5 |
2018-07-03 | CVE-2018-7784 | Schneider Electric | Improper Input Validation vulnerability in Schneider-Electric U.Motion In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. | 7.5 |
2018-07-03 | CVE-2018-7780 | Schneider Electric | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric products In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exists in cgi program "set". | 7.5 |
2018-07-03 | CVE-2018-7778 | Schneider Electric | Missing Authentication for Critical Function vulnerability in Schneider-Electric Evlink Charging Station Firmware In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users. | 7.5 |
2018-07-03 | CVE-2018-4852 | Siemens | Improper Authentication vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). | 7.5 |
2018-07-02 | CVE-2018-12426 | 3CX | Unrestricted Upload of File with Dangerous Type vulnerability in 3CX Live Chat The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type. | 7.5 |
2018-07-02 | CVE-2018-12575 | TP Link | Improper Authentication vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16 On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. | 7.5 |
2018-07-02 | CVE-2018-12528 | Intex | Unrestricted Upload of File with Dangerous Type vulnerability in Intex N150 Firmware An issue was discovered on Intex N150 devices. | 7.5 |
2018-07-02 | CVE-2018-13050 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0 A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. | 7.5 |
2018-07-06 | CVE-2018-5835 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android If the seq_len is greater than CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 7.2 |
2018-07-06 | CVE-2018-5831 | | Use After Free vulnerability in Google Android In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition. | 7.2 |
2018-07-06 | CVE-2018-5830 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 7.2 |
2018-07-06 | CVE-2018-3569 | | Out-of-bounds Read vulnerability in Google Android A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 7.2 |
2018-07-06 | CVE-2017-18159 | | Out-of-bounds Read vulnerability in Google Android In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur. | 7.2 |
2018-07-06 | CVE-2017-18158 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images. | 7.2 |
2018-07-06 | CVE-2018-13108 | Adbglobal | Unspecified vulnerability in Adbglobal products All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP. | 7.2 |
2018-07-05 | CVE-2018-10988 | Diqee | Improper Verification of Cryptographic Signature vulnerability in Diqee Diqee360 Firmware An issue was discovered on Diqee Diqee360 devices. | 7.2 |
2018-07-05 | CVE-2018-7944 | Huawei | Unspecified vulnerability in Huawei Emily-Al00A Firmware 8.1.0.106(Sp2C00)/8.1.0.107(Sp5C00) Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. | 7.2 |
2018-07-03 | CVE-2018-11642 | Dialogic | Incorrect Permission Assignment for Critical Resource vulnerability in Dialogic Powermedia XMS Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. | 7.2 |
2018-07-03 | CVE-2018-8870 | Medtronic | Use of Hard-coded Credentials vulnerability in Medtronic products Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. | 7.2 |
2018-07-02 | CVE-2018-9276 | Paessler | OS Command Injection vulnerability in Paessler Prtg Network Monitor An issue was discovered in PRTG Network Monitor before 18.2.39. | 7.2 |
2018-07-06 | CVE-2018-5873 | Google Linux | Use After Free vulnerability in multiple products An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. | 7.0 |
287 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-07-03 | CVE-2018-8868 | Medtronic | Unspecified vulnerability in Medtronic products Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. | 6.9 |
2018-07-08 | CVE-2018-13445 | Seacms | Cross-Site Request Forgery (CSRF) vulnerability in Seacms 6.61 An issue was discovered in SeaCMS 6.61. | 6.8 |
2018-07-08 | CVE-2018-13444 | Seacms | Cross-Site Request Forgery (CSRF) vulnerability in Seacms 6.61 An issue was discovered in SeaCMS 6.61. | 6.8 |
2018-07-07 | CVE-2018-11349 | Jirafeau | Cross-Site Request Forgery (CSRF) vulnerability in Jirafeau The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. | 6.8 |
2018-07-06 | CVE-2018-5876 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 6.8 |
2018-07-06 | CVE-2018-5875 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 6.8 |
2018-07-06 | CVE-2018-5874 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 6.8 |
2018-07-06 | CVE-2018-8929 | Synology | Channel and Path Errors vulnerability in Synology SSL VPN Client Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload. | 6.8 |
2018-07-05 | CVE-2018-13340 | Gleeztech | Cross-Site Request Forgery (CSRF) vulnerability in Gleeztech Gleez CMS 1.2.0 Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. | 6.8 |
2018-07-05 | CVE-2018-13031 | Damicms | Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0 DamiCMS v6.0.0 and 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. | 6.8 |
2018-07-05 | CVE-2018-12739 | Beescms | Cross-Site Request Forgery (CSRF) vulnerability in Beescms 4.0 In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. | 6.8 |
2018-07-05 | CVE-2018-12021 | Sylabs | Information Exposure vulnerability in Sylabs Singularity Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. | 6.8 |
2018-07-05 | CVE-2018-13302 | Ffmpeg Debian | Improper Validation of Array Index vulnerability in multiple products In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. | 6.8 |
2018-07-05 | CVE-2016-10522 | Rails Admin Project | Cross-Site Request Forgery (CSRF) vulnerability in Rails Admin Project Rails Admin rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. | 6.8 |
2018-07-04 | CVE-2018-13139 | Libsndfile Project Debian | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | 6.8 |
2018-07-03 | CVE-2017-0921 | Gitlab | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gitlab GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. | 6.8 |
2018-07-03 | CVE-2018-11636 | Dialogic | Cross-Site Request Forgery (CSRF) vulnerability in Dialogic Powermedia XMS Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. | 6.8 |
2018-07-03 | CVE-2018-13102 | Anydesk Microsoft | Untrusted Search Path vulnerability in Anydesk AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. | 6.8 |
2018-07-03 | CVE-2018-7774 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
2018-07-03 | CVE-2018-7773 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
2018-07-03 | CVE-2018-7772 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
2018-07-03 | CVE-2018-7769 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
2018-07-03 | CVE-2018-7768 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
2018-07-03 | CVE-2018-7767 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
2018-07-03 | CVE-2018-7766 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
2018-07-03 | CVE-2018-7765 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.8 |
2018-07-03 | CVE-2018-1080 | Dogtagpki | Unspecified vulnerability in Dogtagpki Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. | 6.8 |
2018-07-02 | CVE-2018-13067 | Opencart | Cross-Site Request Forgery (CSRF) vulnerability in Opencart /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. | 6.8 |
2018-07-02 | CVE-2018-12574 | TP Link | Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16 CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | 6.8 |
2018-07-02 | CVE-2018-12529 | Intex | Cross-Site Request Forgery (CSRF) vulnerability in Intex N150 Firmware An issue was discovered on Intex N150 devices. | 6.8 |
2018-07-06 | CVE-2018-5896 | | Out-of-bounds Read vulnerability in Google Android In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied. | 6.6 |
2018-07-03 | CVE-2018-9242 | Paloaltonetworks | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | 6.6 |
2018-07-07 | CVE-2018-13419 | Libsndfile Project | Missing Release of Resource after Effective Lifetime vulnerability in Libsndfile Project Libsndfile 1.0.28 An issue has been found in libsndfile 1.0.28. | 6.5 |
2018-07-05 | CVE-2018-12103 | Dlink D Link | Incorrect Authorization vulnerability in multiple products An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). | 6.5 |
2018-07-05 | CVE-2017-16773 | Synology | Incorrect Authorization vulnerability in Synology Universal Search Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | 6.5 |
2018-07-03 | CVE-2018-3754 | Query Mysql Project | SQL Injection vulnerability in Query-Mysql Project Query-Mysql 0.0.0/0.0.1/0.0.2 Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. | 6.5 |
2018-07-03 | CVE-2018-8036 | Apache | Infinite Loop vulnerability in Apache Pdfbox In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. | 6.5 |
2018-07-03 | CVE-2018-11643 | Dialogic | SQL Injection vulnerability in Dialogic Powermedia XMS SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. | 6.5 |
2018-07-03 | CVE-2018-7777 | Schneider Electric | Improper Input Validation vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.5 |
2018-07-03 | CVE-2018-10856 | Libpod Project | Incorrect Permission Assignment for Critical Resource vulnerability in Libpod Project Libpod It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. | 6.5 |
2018-07-02 | CVE-2018-12892 | Debian XEN | Information Exposure vulnerability in multiple products An issue was discovered in Xen 4.7 through 4.10.x. | 6.5 |
2018-07-02 | CVE-2018-1244 | Dell | Command Injection vulnerability in Dell Idrac7 Firmware, Idrac8 Firmware and Idrac9 Firmware Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. | 6.5 |
2018-07-02 | CVE-2018-12577 | TP Link | OS Command Injection vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16 The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. | 6.5 |
2018-07-02 | CVE-2018-13049 | Glpi Project | SQL Injection vulnerability in Glpi-Project Glpi The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. | 6.5 |
2018-07-05 | CVE-2018-3767 | Memcachier | Unspecified vulnerability in Memcachier Memjs `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. | 6.4 |
2018-07-03 | CVE-2018-11640 | Dialogic | XXE vulnerability in Dialogic Powermedia XMS XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). | 6.4 |
2018-07-02 | CVE-2018-13056 | Zzcms | Improper Input Validation vulnerability in Zzcms 8.3 An issue was discovered on zzcms 8.3. | 6.4 |
2018-07-05 | CVE-2018-3769 | Ruby Grape | Cross-site Scripting vulnerability in Ruby-Grape Grape ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter. | 6.1 |
2018-07-03 | CVE-2018-13065 | Trustwave | Cross-site Scripting vulnerability in Trustwave Modsecurity 3.0.0 ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. | 6.1 |
2018-07-03 | CVE-2018-7771 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 6.0 |
2018-07-06 | CVE-2018-1546 | IBM | Information Exposure vulnerability in IBM API Connect IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2018-07-06 | CVE-2016-6541 | Thetrackr | Improper Authentication vulnerability in Thetrackr Trackr Bravo Firmware TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. | 5.8 |
2018-07-05 | CVE-2018-13305 | Ffmpeg | Out-of-bounds Read vulnerability in Ffmpeg 4.0.1 In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. | 5.8 |
2018-07-05 | CVE-2018-13300 | Ffmpeg Debian | Out-of-bounds Read vulnerability in multiple products In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. | 5.8 |
2018-07-02 | CVE-2018-12499 | Motorola | Improper Certificate Validation vulnerability in Motorola Mbp853 Firmware The Motorola MBP853 firmware does not correctly validate server certificates. | 5.8 |
2018-07-02 | CVE-2018-13054 | Debian Linuxmint | Link Following vulnerability in multiple products An issue was discovered in Cinnamon 1.9.2 through 3.8.6. | 5.8 |
2018-07-06 | CVE-2018-13407 | Jirafeau | Cross-Site Request Forgery (CSRF) vulnerability in Jirafeau A CSRF issue was discovered in Jirafeau before 3.4.1. | 5.5 |
2018-07-06 | CVE-2018-1542 | IBM | XXE vulnerability in IBM Content Foundation and Filenet Content Manager IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2018-07-03 | CVE-2018-13122 | Onefilecms | Incorrect Permission Assignment for Critical Resource vulnerability in Onefilecms onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI. | 5.5 |
2018-07-03 | CVE-2018-13099 | Linux Debian Opensuse Canonical | Out-of-bounds Read vulnerability in multiple products An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. | 5.5 |
2018-07-03 | CVE-2018-13096 | Linux Debian Canonical Opensuse | Out-of-bounds Write vulnerability in multiple products An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. | 5.5 |
2018-07-06 | CVE-2018-10892 | Docker Mobyproject Redhat Opensuse | Execution with Unnecessary Privileges vulnerability in multiple products The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. | 5.3 |
2018-07-03 | CVE-2018-10596 | Medtronic | Information Exposure vulnerability in Medtronic 2090 Carelink Programmer Firmware Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. | 5.2 |
2018-07-08 | CVE-2018-13439 | Tencent | XXE vulnerability in Tencent Wechat PAY WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. | 5.0 |
2018-07-06 | CVE-2018-5886 | | Out-of-bounds Read vulnerability in Google Android A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed. | 5.0 |
2018-07-06 | CVE-2018-5897 | | Out-of-bounds Read vulnerability in Google Android While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 5.0 |
2018-07-06 | CVE-2018-5892 | Qualcomm | Information Exposure vulnerability in Qualcomm products The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear. | 5.0 |
2018-07-06 | CVE-2018-3577 | | Integer Overflow or Wraparound vulnerability in Google Android While processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 5.0 |
2018-07-06 | CVE-2018-13109 | Adbglobal | Incorrect Authorization vulnerability in Adbglobal products All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). | 5.0 |
2018-07-06 | CVE-2017-1488 | IBM | Information Exposure vulnerability in IBM products An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. | 5.0 |
2018-07-06 | CVE-2017-1239 | IBM | Information Exposure vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. | 5.0 |
2018-07-06 | CVE-2018-13348 | Mercurial | Improper Input Validation vulnerability in Mercurial The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. | 5.0 |
2018-07-06 | CVE-2018-13346 | Mercurial | Improper Input Validation vulnerability in Mercurial The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | 5.0 |
2018-07-05 | CVE-2016-10725 | Bitcoin | Cryptographic Issues vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. | 5.0 |
2018-07-05 | CVE-2018-10885 | Redhat | Improper Input Validation vulnerability in Redhat Openshift In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. | 5.0 |
2018-07-05 | CVE-2018-13233 | GSI Project | Integer Overflow or Wraparound vulnerability in GSI Project GSI The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13232 | Entercoin Project | Integer Overflow or Wraparound vulnerability in Entercoin Project Entercoin The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13231 | Entertoken Project | Integer Overflow or Wraparound vulnerability in Entertoken Project Entertoken The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13230 | Destineed Project | Integer Overflow or Wraparound vulnerability in Destineed Project Destineed The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13229 | Riptidecoin Project | Integer Overflow or Wraparound vulnerability in Riptidecoin Project Riptidecoin The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13228 | Crowdnext Project | Integer Overflow or Wraparound vulnerability in Crowdnext Project Crowdnext The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13227 | Moneychainnet Project | Integer Overflow or Wraparound vulnerability in Moneychainnet Project Moneychainnet The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13226 | Ylctoken Project | Integer Overflow or Wraparound vulnerability in Ylctoken Project Ylctoken The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13225 | Myylc Project | Integer Overflow or Wraparound vulnerability in Myylc Project Myylc The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13224 | Virtual Energy Units Project | Integer Overflow or Wraparound vulnerability in Virtual Energy Units Project Virtual Energy Units The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13223 | Rtokenmain Project | Integer Overflow or Wraparound vulnerability in Rtokenmain Project Rtokenmain The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13222 | Objectledger | Integer Overflow or Wraparound vulnerability in Objectledger Objecttoken The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13221 | Extreme Coin Project | Integer Overflow or Wraparound vulnerability in Extreme Coin Project Extreme Coin The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13220 | Mavcash Project | Integer Overflow or Wraparound vulnerability in Mavcash Project Mavcash The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13219 | Yourcoin Project | Integer Overflow or Wraparound vulnerability in Yourcoin Project Yourcoin The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13218 | ICO Dollar Project | Integer Overflow or Wraparound vulnerability in ICO Dollar Project ICO Dollar The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13217 | Cointoken Project | Integer Overflow or Wraparound vulnerability in Cointoken Project Cointoken The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13216 | Greenmed | Integer Overflow or Wraparound vulnerability in Greenmed The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13215 | Sample Token Project | Integer Overflow or Wraparound vulnerability in Sample Token Project Sample Token The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13214 | Globalmiles | Integer Overflow or Wraparound vulnerability in Globalmiles Gmile The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13213 | Travelcoin | Integer Overflow or Wraparound vulnerability in Travelcoin The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13212 | Ethereumlegit Project | Integer Overflow or Wraparound vulnerability in Ethereumlegit Project Ethereumlegit The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13211 | Mytokenshr Project | Integer Overflow or Wraparound vulnerability in Mytokenshr Project Mytokenshr The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13210 | Providence | Integer Overflow or Wraparound vulnerability in Providence Crypto Casino The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13209 | Nectar Project | Integer Overflow or Wraparound vulnerability in Nectar Project Nectar The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13208 | Moneytree Project | Integer Overflow or Wraparound vulnerability in Moneytree Project Moneytree The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13207 | Porn Coin | Integer Overflow or Wraparound vulnerability in Porn-Coin Porncoin The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13206 | Providencecasino Project | Integer Overflow or Wraparound vulnerability in Providencecasino Project Providencecasino The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13205 | Ohni | Integer Overflow or Wraparound vulnerability in Ohni 2 The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13204 | Ethercash | Integer Overflow or Wraparound vulnerability in Ethercash The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13203 | Airswaptoken Project | Integer Overflow or Wraparound vulnerability in Airswaptoken Project Airswaptoken The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13202 | Mybo Project | Integer Overflow or Wraparound vulnerability in Mybo Project Mybo The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13201 | Titok Ticket Token Project | Integer Overflow or Wraparound vulnerability in Titok - Ticket Token Project Titok - Ticket Token The sell function of a smart contract implementation for TiTok - Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13200 | Dateme Project | Integer Overflow or Wraparound vulnerability in Dateme Project Dateme The sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13199 | Ethereumblack Project | Integer Overflow or Wraparound vulnerability in Ethereumblack Project Ethereumblack The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13198 | Stex Exchange ICO Project | Integer Overflow or Wraparound vulnerability in Stex Exchange ICO Project Stex Exchange ICO The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13197 | Welfare Token Fund Project | Integer Overflow or Wraparound vulnerability in Welfare Token Fund Project Welfare Token Fund The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13196 | T Swap Token Project | Integer Overflow or Wraparound vulnerability in T-Swap-Token Project T-Swap-Token The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 5.0 |
2018-07-05 | CVE-2018-13195 | Cranooadvanced Project | Integer Overflow or Wraparound vulnerability in Cranooadvanced Project Cranooadvanced The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13194 | Ttcoin Project | Integer Overflow or Wraparound vulnerability in Ttcoin Project Ttcoin The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13193 | Hentaisolo Project | Integer Overflow or Wraparound vulnerability in Hentaisolo Project Hentaisolo The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13192 | Jobscoin Project | Integer Overflow or Wraparound vulnerability in Jobscoin Project Jobscoin The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13191 | Supercarboncoin Project | Integer Overflow or Wraparound vulnerability in Supercarboncoin Project Supercarboncoin The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13190 | Dvchain Project | Integer Overflow or Wraparound vulnerability in Dvchain Project Dvchain The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13189 | Unolabo Project | Integer Overflow or Wraparound vulnerability in Unolabo Project Unolabo The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13188 | Mybo Project | Integer Overflow or Wraparound vulnerability in Mybo Project Mybo The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13187 | Cibnliveinteractive Project | Integer Overflow or Wraparound vulnerability in Cibnliveinteractive Project Cibnliveinteractive The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13186 | Mmtcoin Project | Integer Overflow or Wraparound vulnerability in Mmtcoin Project Mmtcoin The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13185 | Appcoins Project | Integer Overflow or Wraparound vulnerability in Appcoins Project Appcoins The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13184 | Travelzeditoken Project | Integer Overflow or Wraparound vulnerability in Travelzeditoken Project Travelzeditoken The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13183 | Jwctoken Project | Integer Overflow or Wraparound vulnerability in Jwctoken Project Jwctoken The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13182 | Loncoin Project | Integer Overflow or Wraparound vulnerability in Loncoin Project Loncoin The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13181 | Cointroops Project | Integer Overflow or Wraparound vulnerability in Cointroops Project Cointroops The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13180 | Immcoin Project | Integer Overflow or Wraparound vulnerability in Immcoin Project Immcoin The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13179 | Aircontacttoken Project | Integer Overflow or Wraparound vulnerability in Aircontacttoken Project Aircontacttoken The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13178 | Ecpoints Project | Integer Overflow or Wraparound vulnerability in Ecpoints Project Ecpoints The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13177 | Miningrigrentalstoken Project | Integer Overflow or Wraparound vulnerability in Miningrigrentalstoken Project Miningrigrentalstoken The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13176 | Trustzen Project | Integer Overflow or Wraparound vulnerability in Trustzen Project Trustzen The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13175 | Aichain Project | Integer Overflow or Wraparound vulnerability in Aichain Project Aichain The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13174 | Cryptoabs Project | Integer Overflow or Wraparound vulnerability in Cryptoabs Project Cryptoabs The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13173 | Eliteshippertoken Project | Integer Overflow or Wraparound vulnerability in Eliteshippertoken Project Eliteshippertoken The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13172 | Bzxcoin Project | Integer Overflow or Wraparound vulnerability in Bzxcoin Project Bzxcoin The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13171 | Ladatoken Project | Integer Overflow or Wraparound vulnerability in Ladatoken Project Ladatoken The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13170 | Snoqualmiecoin Project | Integer Overflow or Wraparound vulnerability in Snoqualmiecoin Project Snoqualmiecoin The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13169 | Ethereum Cash PRO Coin Project | Integer Overflow or Wraparound vulnerability in Ethereum Cash PRO Coin Project Ethereum Cash PRO Coin The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13168 | Netkillerbatchtoken Project | Integer Overflow or Wraparound vulnerability in Netkillerbatchtoken Project Netkillerbatchtoken The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13167 | YU GI OH Project | Integer Overflow or Wraparound vulnerability in YU GI OH Project YU GI OH The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13166 | Athleticoin Project | Integer Overflow or Wraparound vulnerability in Athleticoin Project Athleticoin The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13165 | Justdcoin Project | Integer Overflow or Wraparound vulnerability in Justdcoin Project Justdcoin The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13164 | Eppcoin Project | Integer Overflow or Wraparound vulnerability in Eppcoin Project Eppcoin The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13161 | Multigames Project | Integer Overflow or Wraparound vulnerability in Multigames Project Multigames The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13160 | Etktokens Project | Integer Overflow or Wraparound vulnerability in Etktokens Project Etktokens The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13159 | Bankcoin Project | Integer Overflow or Wraparound vulnerability in Bankcoin Project Bankcoin The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13158 | Assettoken Project | Integer Overflow or Wraparound vulnerability in Assettoken Project Assettoken The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13157 | Cryptonitexcoin Project | Integer Overflow or Wraparound vulnerability in Cryptonitexcoin Project Cryptonitexcoin The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13156 | Bonustoken Project | Integer Overflow or Wraparound vulnerability in Bonustoken Project Bonustoken The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-13155 | Gemchain Project | Integer Overflow or Wraparound vulnerability in Gemchain Project Gemchain The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-05 | CVE-2018-12018 | Ethereum | Improper Validation of Array Index vulnerability in Ethereum GO Ethereum The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. | 5.0 |
2018-07-04 | CVE-2018-13132 | Spadeico Project | Integer Overflow or Wraparound vulnerability in Spadeico Project Spadeico Spadeico is a smart contract running on Ethereum. | 5.0 |
2018-07-04 | CVE-2018-13131 | Spadepresale Project | Integer Overflow or Wraparound vulnerability in Spadepresale Project Spadepresale SpadePreSale is a smart contract running on Ethereum. | 5.0 |
2018-07-04 | CVE-2018-13130 | Bitotal | Integer Overflow or Wraparound vulnerability in Bitotal Bitotal (TFUND) is a smart contract running on Ethereum. | 5.0 |
2018-07-04 | CVE-2018-13129 | Sp8De | Integer Overflow or Wraparound vulnerability in Sp8De SP8DE Token (SPX) is a smart contract running on Ethereum. | 5.0 |
2018-07-04 | CVE-2018-13128 | Etherty | Integer Overflow or Wraparound vulnerability in Etherty Token Etherty Token (ETY) is a smart contract running on Ethereum. | 5.0 |
2018-07-04 | CVE-2018-13127 | Sp8De | Integer Overflow or Wraparound vulnerability in Sp8De Presale Token SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. | 5.0 |
2018-07-04 | CVE-2018-13126 | Moxy | Integer Overflow or Wraparound vulnerability in Moxy Moxyonepresale MoxyOnePresale is a smart contract running on Ethereum. | 5.0 |
2018-07-04 | CVE-2018-11429 | Atlant | Integer Overflow or Wraparound vulnerability in Atlant ATLANT (ATL) is a smart contract running on Ethereum. | 5.0 |
2018-07-04 | CVE-2018-11335 | Genesis Vision | Integer Overflow or Wraparound vulnerability in Genesis Vision Gvtoken GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. | 5.0 |
2018-07-03 | CVE-2018-13123 | Onefilecms | Information Exposure vulnerability in Onefilecms onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. | 5.0 |
2018-07-03 | CVE-2017-0929 | Dnnsoftware | Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. | 5.0 |
2018-07-03 | CVE-2017-0919 | Gitlab | Missing Authentication for Critical Function vulnerability in Gitlab GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. | 5.0 |
2018-07-03 | CVE-2018-13112 | Broadcom | Out-of-bounds Read vulnerability in Broadcom Tcpreplay 4.3.0 get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep. | 5.0 |
2018-07-03 | CVE-2018-11637 | Dialogic | Link Following vulnerability in Dialogic Powermedia XMS 3.5 Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root. | 5.0 |
2018-07-03 | CVE-2018-11051 | EMC | Path Traversal vulnerability in EMC RSA Certificate Manager 6.9 RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. | 5.0 |
2018-07-03 | CVE-2018-7635 | Navercorp | Improper Input Validation vulnerability in Navercorp Whale Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name. | 5.0 |
2018-07-03 | CVE-2018-7787 | Schneider Electric | Improper Input Validation vulnerability in Schneider-Electric U.Motion Builder 1.2.1 In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. | 5.0 |
2018-07-03 | CVE-2018-7783 | Schneider Electric | XXE vulnerability in Schneider-Electric Somachine Basic Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. | 5.0 |
2018-07-03 | CVE-2018-7779 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. | 5.0 |
2018-07-03 | CVE-2018-13092 | Reimbursetoken Project | Integer Overflow or Wraparound vulnerability in Reimbursetoken Project Reimbursetoken The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13091 | Sumocoin Project | Integer Overflow or Wraparound vulnerability in Sumocoin Project Sumocoin The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13090 | Yitongcoin Project | Integer Overflow or Wraparound vulnerability in Yitongcoin Project Yitongcoin The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13089 | Ucointoken Project | Integer Overflow or Wraparound vulnerability in Ucointoken Project Ucointoken The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13088 | Tokenerc20 Project | Integer Overflow or Wraparound vulnerability in Tokenerc20 Project Tokenerc20 The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13087 | Coinstar Myadvancedtoken Project | Integer Overflow or Wraparound vulnerability in Coinstar Myadvancedtoken Project Coinstar Myadvancedtoken The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13086 | Iadowr Project | Integer Overflow or Wraparound vulnerability in Iadowr Project Iadowr The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13085 | Freecoin Project | Integer Overflow or Wraparound vulnerability in Freecoin Project Freecoin The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13084 | Goodtimecoin Project | Integer Overflow or Wraparound vulnerability in Goodtimecoin Project Goodtimecoin The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13083 | Plazatoken Project | Integer Overflow or Wraparound vulnerability in Plazatoken Project Plazatoken The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13082 | Moditokenerc20 Project | Integer Overflow or Wraparound vulnerability in Moditokenerc20 Project Moditokenerc20 The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13081 | Gzstoken Project | Integer Overflow or Wraparound vulnerability in Gzstoken Project Gzstoken The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13080 | Goutex Project | Integer Overflow or Wraparound vulnerability in Goutex Project Goutex The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13079 | Goodto Project | Integer Overflow or Wraparound vulnerability in Goodto Project Goodto The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13078 | Jitech Project | Integer Overflow or Wraparound vulnerability in Jitech Project Jitech The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13077 | CTB Project | Integer Overflow or Wraparound vulnerability in CTB Project CTB The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13076 | Betcash Project | Integer Overflow or Wraparound vulnerability in Betcash Project Betcash The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13075 | Carbonexchangecointoken Project | Integer Overflow or Wraparound vulnerability in Carbonexchangecointoken Project Carbonexchangecointoken The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13074 | Fibtoken Project | Integer Overflow or Wraparound vulnerability in Fibtoken Project Fibtoken The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13073 | Ethereumblack Project | Integer Overflow or Wraparound vulnerability in Ethereumblack Project Ethereumblack The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13072 | Coffeecoin Project | Integer Overflow or Wraparound vulnerability in Coffeecoin Project Coffeecoin The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13071 | Ccindextoken Project | Integer Overflow or Wraparound vulnerability in Ccindextoken Project Ccindextoken The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13070 | Encryptedtoken Project | Integer Overflow or Wraparound vulnerability in Encryptedtoken Project Encryptedtoken The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13069 | Dychain Project | Integer Overflow or Wraparound vulnerability in Dychain Project Dychain The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-03 | CVE-2018-13068 | Azuriontoken Project | Integer Overflow or Wraparound vulnerability in Azuriontoken Project Azuriontoken The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 5.0 |
2018-07-02 | CVE-2018-13066 | Libming | Missing Release of Resource after Effective Lifetime vulnerability in Libming 0.4.8 There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, parseSWF_DEFINESPRITE, parseSWF_DEFINETEXT, parseSWF_DOACTION, parseSWF_FILLSTYLEARRAY, parseSWF_FRAMELABEL, parseSWF_LINESTYLEARRAY, parseSWF_PLACEOBJECT2, or parseSWF_SHAPEWITHSTYLE. | 5.0 |
2018-07-02 | CVE-2018-1243 | Dell | Improperly Implemented Security Check for Standard vulnerability in Dell products Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. | 5.0 |
2018-07-02 | CVE-2017-17316 | Huawei | Out-of-bounds Read vulnerability in Huawei products Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. | 5.0 |
2018-07-02 | CVE-2018-12891 | Debian XEN | An issue was discovered in Xen through 4.10.x. | 4.9 |
2018-07-05 | CVE-2018-3764 | Nextcloud | Cross-site Scripting vulnerability in Nextcloud Contacts In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. | 4.8 |
2018-07-05 | CVE-2018-3763 | Nextcloud | Cross-site Scripting vulnerability in Nextcloud Calendar In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. | 4.8 |
2018-07-06 | CVE-2018-5862 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur. | 4.6 |
2018-07-06 | CVE-2018-5858 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur. | 4.6 |
2018-07-06 | CVE-2018-3587 | | Use After Free vulnerability in Google Android In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur. | 4.6 |
2018-07-06 | CVE-2018-5899 | | Use After Free vulnerability in Google Android In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free. | 4.6 |
2018-07-06 | CVE-2018-5898 | | Integer Overflow or Wraparound vulnerability in Google Android Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 4.6 |
2018-07-06 | CVE-2018-5893 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur. | 4.6 |
2018-07-06 | CVE-2018-5891 | Qualcomm | Use After Free vulnerability in Qualcomm products While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. | 4.6 |
2018-07-06 | CVE-2018-5890 | | Unspecified vulnerability in Google Android If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 4.6 |
2018-07-06 | CVE-2018-5889 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 4.6 |
2018-07-06 | CVE-2018-5888 | | Out-of-bounds Read vulnerability in Google Android While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 4.6 |
2018-07-06 | CVE-2018-5887 | | Out-of-bounds Read vulnerability in Google Android While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 4.6 |
2018-07-06 | CVE-2018-5884 | Qualcomm | Improper Privilege Management vulnerability in Qualcomm products Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. | 4.6 |
2018-07-06 | CVE-2018-5838 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. | 4.6 |
2018-07-06 | CVE-2018-5834 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 4.6 |
2018-07-06 | CVE-2018-3597 | | Improper Input Validation vulnerability in Google Android In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur. | 4.6 |
2018-07-06 | CVE-2018-3564 | | Use After Free vulnerability in Google Android In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails. | 4.6 |
2018-07-06 | CVE-2018-11258 | Qualcomm | Use After Free vulnerability in Qualcomm products In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20. | 4.6 |
2018-07-06 | CVE-2018-11257 | Qualcomm | Unspecified vulnerability in Qualcomm products Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an option that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. | 4.6 |
2018-07-04 | CVE-2018-13133 | Goldenfrog | Untrusted Search Path vulnerability in Goldenfrog Vyprvpn Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows. | 4.6 |
2018-07-03 | CVE-2018-1113 | Redhat Fedoraproject | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat products setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. | 4.6 |
2018-07-06 | CVE-2018-5859 | | Use After Free vulnerability in Google Android Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur. | 4.4 |
2018-07-06 | CVE-2018-5853 | | Use After Free vulnerability in Google Android A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition. | 4.4 |
2018-07-06 | CVE-2018-5832 | | Use After Free vulnerability in Google Android Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur. | 4.4 |
2018-07-06 | CVE-2017-15856 | | Race Condition vulnerability in Google Android Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 4.4 |
2018-07-08 | CVE-2018-13440 | Audio File Library Project Canonical | NULL Pointer Dereference vulnerability in multiple products The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. | 4.3 |
2018-07-08 | CVE-2018-13433 | Boostnote | Cross-site Scripting vulnerability in Boostnote 0.11.7 Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element. | 4.3 |
2018-07-07 | CVE-2018-13423 | Omeka | Cross-site Scripting vulnerability in Omeka admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. | 4.3 |
2018-07-07 | CVE-2018-13422 | Tecnick | Cross-site Scripting vulnerability in Tecnick Tcexam TCExam before 14.1.2 has XSS via an ff_ or xl_ field. | 4.3 |
2018-07-07 | CVE-2018-11351 | Jirafeau | Cross-site Scripting vulnerability in Jirafeau script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. | 4.3 |
2018-07-07 | CVE-2018-11350 | Jirafeau | Cross-site Scripting vulnerability in Jirafeau An issue was discovered in Jirafeau before 3.4.1. | 4.3 |
2018-07-06 | CVE-2018-5894 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur. | 4.3 |
2018-07-06 | CVE-2018-13409 | Jirafeau | Cross-site Scripting vulnerability in Jirafeau An issue was discovered in Jirafeau before 3.4.1. | 4.3 |
2018-07-06 | CVE-2018-13408 | Jirafeau | Cross-site Scripting vulnerability in Jirafeau An issue was discovered in Jirafeau before 3.4.1. | 4.3 |
2018-07-06 | CVE-2018-1676 | IBM | Cross-site Scripting vulnerability in IBM Planning Analytics Local IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. | 4.3 |
2018-07-06 | CVE-2017-1248 | IBM | Code Injection vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. | 4.3 |
2018-07-05 | CVE-2018-13339 | Angular Redactor Project | Cross-site Scripting vulnerability in Angular Redactor Project Angular Redactor 1.1.6 Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. | 4.3 |
2018-07-05 | CVE-2018-9997 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. | 4.3 |
2018-07-05 | CVE-2018-8738 | Airties | Cross-site Scripting vulnerability in Airties 5444 Firmware and 5444Tt Firmware Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. | 4.3 |
2018-07-05 | CVE-2018-8046 | Sencha | Cross-site Scripting vulnerability in Sencha EXT JS The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. | 4.3 |
2018-07-05 | CVE-2018-12691 | Onosproject | Race Condition vulnerability in Onosproject Onos Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. | 4.3 |
2018-07-05 | CVE-2017-11175 | Siemens | Cross-site Scripting vulnerability in Siemens FIN Stack 4.0 In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login. | 4.3 |
2018-07-05 | CVE-2018-13304 | Ffmpeg | Reachable Assertion vulnerability in Ffmpeg 4.0.1 In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. | 4.3 |
2018-07-05 | CVE-2018-13303 | Ffmpeg | NULL Pointer Dereference vulnerability in Ffmpeg 4.0.1 In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | 4.3 |
2018-07-05 | CVE-2018-13301 | Ffmpeg | NULL Pointer Dereference vulnerability in Ffmpeg 4.0.1 In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | 4.3 |
2018-07-05 | CVE-2018-13252 | Entrustdatacard | Cross-site Scripting vulnerability in Entrustdatacard Syntera Customization Suite 5.0/5.1 Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | 4.3 |
2018-07-05 | CVE-2018-3762 | Nextcloud | Improper Preservation of Permissions vulnerability in Nextcloud Server Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | 4.3 |
2018-07-05 | CVE-2018-13251 | Libming | Resource Exhaustion vulnerability in Libming 0.4.8 In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. | 4.3 |
2018-07-05 | CVE-2018-13250 | Libming | NULL Pointer Dereference vulnerability in Libming 0.4.8 libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. | 4.3 |
2018-07-05 | CVE-2018-9185 | Fortinet | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | 4.3 |
2018-07-05 | CVE-2018-13153 | Imagemagick Canonical | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. | 4.3 |
2018-07-04 | CVE-2018-13136 | Ultimatemember | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | 4.3 |
2018-07-04 | CVE-2018-13134 | TP Link | Cross-site Scripting vulnerability in Tp-Link Archer C1200 Firmware 1.13 TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. | 4.3 |
2018-07-03 | CVE-2018-13121 | Realnetworks | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Realnetworks Realone Player 2.0 RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file. | 4.3 |
2018-07-03 | CVE-2018-7636 | Paloaltonetworks | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os 8.0.10 The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | 4.3 |
2018-07-03 | CVE-2018-3748 | Glance Project | Cross-site Scripting vulnerability in Glance Project Glance 3.0.5 There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. | 4.3 |
2018-07-03 | CVE-2018-3747 | Public JS Project | Cross-site Scripting vulnerability in Public.Js Project Public.Js The public node module versions <= 1.0.3 allow embedding HTML in file names, which (in certain conditions) might lead to execution of malicious JavaScript. | 4.3 |
2018-07-03 | CVE-2018-11639 | Dialogic | Insufficiently Protected Credentials vulnerability in Dialogic Powermedia XMS 3.5 Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext. | 4.3 |
2018-07-03 | CVE-2018-7786 | Schneider Electric | Cross-site Scripting vulnerability in Schneider-Electric U.Motion Builder 1.2.1 In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. | 4.3 |
2018-07-03 | CVE-2018-7776 | Schneider Electric | Information Exposure vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 4.3 |
2018-07-03 | CVE-2018-7770 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric U.Motion The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 4.3 |
2018-07-03 | CVE-2018-7764 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 4.3 |
2018-07-03 | CVE-2018-7763 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1 The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. | 4.3 |
2018-07-03 | CVE-2018-4855 | Siemens | Missing Encryption of Sensitive Data vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). | 4.3 |
2018-07-03 | CVE-2018-12255 | Invoiceplane | Cross-site Scripting vulnerability in Invoiceplane 1.5.10 An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field. | 4.3 |
2018-07-03 | CVE-2018-13100 | Linux Debian | Divide By Zero vulnerability in Linux Kernel An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. | 4.3 |
2018-07-03 | CVE-2018-13098 | Linux | Out-of-bounds Read vulnerability in Linux Kernel An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. | 4.3 |
2018-07-03 | CVE-2018-13097 | Linux | Out-of-bounds Read vulnerability in Linux Kernel An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. | 4.3 |
2018-07-03 | CVE-2018-13095 | Linux | Out-of-bounds Write vulnerability in Linux Kernel An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. | 4.3 |
2018-07-03 | CVE-2018-13094 | Linux Canonical | NULL Pointer Dereference vulnerability in Linux Kernel An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. | 4.3 |
2018-07-03 | CVE-2018-13093 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. | 4.3 |
2018-07-03 | CVE-2018-10855 | Redhat Debian Canonical | Information Exposure Through Log Files vulnerability in multiple products Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. | 4.3 |
2018-07-02 | CVE-2018-1249 | Dell | Unspecified vulnerability in Dell Idrac9 Firmware Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. | 4.3 |
2018-07-02 | CVE-2018-12576 | TP Link | Improper Restriction of Rendered UI Layers or Frames vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16 TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | 4.3 |
2018-07-02 | CVE-2018-10076 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.12 An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. | 4.3 |
2018-07-02 | CVE-2018-10075 | Zohocorp | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.12 Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | 4.3 |
2018-07-02 | CVE-2017-17317 | Huawei | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei products Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. | 4.3 |
2018-07-02 | CVE-2018-0499 | Xapian Canonical | Cross-site Scripting vulnerability in multiple products A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). | 4.3 |
2018-07-06 | CVE-2017-1559 | IBM | Information Exposure vulnerability in IBM products Multiple IBM Rational products could disclose sensitive information to an attacker who intercepts vulnerable requests. | 4.0 |
2018-07-06 | CVE-2017-1509 | IBM | Information Exposure vulnerability in IBM products IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. | 4.0 |
2018-07-05 | CVE-2018-9998 | Open Xchange | Information Exposure vulnerability in Open-Xchange Appsuite Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks. | 4.0 |
2018-07-05 | CVE-2017-16816 | Wisc | Improper Input Validation vulnerability in Wisc Htcondor The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions. | 4.0 |
2018-07-03 | CVE-2018-7782 | Schneider Electric | Insufficiently Protected Credentials vulnerability in Schneider-Electric products In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. | 4.0 |
2018-07-03 | CVE-2018-7781 | Schneider Electric | Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view the password in clear text, which results in privilege escalation. | 4.0 |
2018-07-03 | CVE-2018-4856 | Siemens | Unspecified vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). | 4.0 |
65 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2018-07-06 | CVE-2018-11259 | Qualcomm | Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm products Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, from fastboot on a NAND-based device, the EFS partition can be erased. | 3.6 |
2018-07-06 | CVE-2018-1556 | IBM | Cross-site Scripting vulnerability in IBM Content Foundation and Filenet Content Manager IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. | 3.5 |
2018-07-06 | CVE-2018-1555 | IBM | Cross-site Scripting vulnerability in IBM Content Foundation and Filenet Content Manager IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. | 3.5 |
2018-07-06 | CVE-2018-1494 | IBM | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. | 3.5 |
2018-07-06 | CVE-2018-11124 | Opmantek | Cross-site Scripting vulnerability in Opmantek Open-Audit Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. | 3.5 |
2018-07-06 | CVE-2017-1329 | IBM | Code Injection vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. | 3.5 |
2018-07-06 | CVE-2017-1242 | IBM | Code Injection vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. | 3.5 |
2018-07-06 | CVE-2017-1238 | IBM | Cross-site Scripting vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-06 | CVE-2017-1237 | IBM | Cross-site Scripting vulnerability in IBM products IBM Jazz based applications are vulnerable to cross-site scripting. | 3.5 |
2018-07-05 | CVE-2018-8928 | Synology | Cross-site Scripting vulnerability in Synology Carddav Server Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | 3.5 |
2018-07-05 | CVE-2015-9260 | Bedita | Cross-site Scripting vulnerability in Bedita An issue was discovered in BEdita before 3.7.0. | 3.5 |
2018-07-03 | CVE-2018-9337 | Paloaltonetworks | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | 3.5 |
2018-07-03 | CVE-2018-9335 | Paloaltonetworks | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | 3.5 |
2018-07-03 | CVE-2017-0912 | UI | Cross-site Scripting vulnerability in UI Ucrm Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. | 3.5 |
2018-07-03 | CVE-2017-1717 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1715 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1691 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1690 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1652 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1651 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1621 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1608 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1592 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1568 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1565 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1564 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1562 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1561 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1317 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1316 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1315 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1314 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1313 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1312 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1306 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1299 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1294 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1293 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1281 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1280 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1277 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1275 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2017-1250 | IBM | Cross-site Scripting vulnerability in IBM products IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. | 3.5 |
2018-07-03 | CVE-2018-13106 | Clippercms | Cross-site Scripting vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. | 3.5 |
2018-07-06 | CVE-2016-6540 | Thetrackr | Information Exposure vulnerability in Thetrackr Trackr Bravo Firmware Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. | 3.3 |
2018-07-06 | CVE-2016-6539 | Thetrackr | Information Exposure vulnerability in Thetrackr Trackr Firmware The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. | 3.3 |
2018-07-06 | CVE-2016-6538 | Thetrackr | Information Exposure vulnerability in Thetrackr Trackr Bravo Firmware The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. | 3.3 |
2018-07-02 | CVE-2017-17175 | Huawei | Improper Input Validation vulnerability in Huawei Mate 9 PRO Lonal00B8.0.0.334(C00)/Lonal00B8.0.0.340A(C00)/Lonal00B8.0.0.343(C00) Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. | 3.3 |
2018-07-06 | CVE-2018-5865 | | Integer Underflow (Wrap or Wraparound) vulnerability in Google Android While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur. | 2.1 |
2018-07-06 | CVE-2018-5864 | | Out-of-bounds Read vulnerability in Google Android While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur. | 2.1 |
2018-07-06 | CVE-2018-5895 | | Out-of-bounds Read vulnerability in Google Android Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2.1 |
2018-07-06 | CVE-2018-5836 | | Out-of-bounds Read vulnerability in Google Android In wma_nan_rsp_event_handler() in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access. | 2.1 |
2018-07-06 | CVE-2017-15824 | | Missing Release of Resource after Effective Lifetime vulnerability in Google Android In Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory. | 2.1 |
2018-07-06 | CVE-2017-14893 | | Out-of-bounds Read vulnerability in Google Android While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2.1 |
2018-07-06 | CVE-2017-14872 | | Out-of-bounds Read vulnerability in Google Android While flashing a meta image, a buffer over-read can potentially occur when the number of images is out of the maximum range of 32 in Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2.1 |
2018-07-06 | CVE-2018-1621 | IBM | Cleartext Storage of Sensitive Information vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain a clear text password in a trace file caused by improper handling of some datasource custom properties. | 2.1 |
2018-07-06 | CVE-2017-1795 | IBM | Information Exposure Through Log Files vulnerability in IBM Websphere MQ Managed File Transfer IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. | 2.1 |
2018-07-05 | CVE-2018-8026 | Apache Netapp | XXE vulnerability in multiple products This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). | 2.1 |
2018-07-03 | CVE-2018-9334 | Paloaltonetworks | Improper Privilege Management vulnerability in Paloaltonetworks Pan-Os The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. | 2.1 |
2018-07-03 | CVE-2018-11634 | Dialogic | Insufficiently Protected Credentials vulnerability in Dialogic Powermedia XMS 3.5 Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db. | 2.1 |
2018-07-02 | CVE-2018-12896 | Linux Debian Canonical | Integer Overflow or Wraparound vulnerability in Linux Kernel An issue was discovered in the Linux kernel through 4.17.3. | 2.1 |
2018-07-02 | CVE-2018-12893 | XEN Debian | An issue was discovered in Xen through 4.10.x. | 2.1 |
2018-07-02 | CVE-2018-13053 | Linux Canonical Debian | Integer Overflow or Wraparound vulnerability in Linux Kernel The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. | 2.1 |
2018-07-06 | CVE-2017-2665 | Mongodb Redhat | Insufficiently Protected Credentials vulnerability in multiple products The skyring-setup command creates a random password for the mongodb skyring database, but it writes the password in plain text to the /etc/skyring/skyring.conf file, which is owned by root but can be read by a local user. | 1.9 |
2018-07-03 | CVE-2017-0913 | Ubnt | Incorrect Permission Assignment for Critical Resource vulnerability in Ubnt Ucrm Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. | 1.9 |