Weekly Vulnerabilities Reports > July 2 to 8, 2018

Overview

441 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 52 high severity vulnerabilities. This weekly summary report vulnerabilities in 463 products from 233 vendors including IBM, Google, Schneider Electric, Debian, and Qualcomm. Vulnerabilities are notably categorized as "Integer Overflow or Wraparound", "Cross-site Scripting", "Out-of-bounds Read", "Improper Input Validation", and "SQL Injection".

  • 368 reported vulnerabilities are remotely exploitables.
  • 15 reported vulnerabilities have public exploit available.
  • 120 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 365 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 46 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-07-06 CVE-2018-5855 Google Out-Of-Bounds Read vulnerability in Google Android

While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur.

10.0
2018-07-06 CVE-2018-3608 Trendmicro
Microsoft
Code Injection vulnerability in Trendmicro products

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.

10.0
2018-07-06 CVE-2018-3586 Google Integer Overflow OR Wraparound vulnerability in Google Android

An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

10.0
2018-07-03 CVE-2018-4853 Siemens Unspecified vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions).

10.0
2018-07-03 CVE-2018-13101 Redswimmer Unspecified vulnerability in Redswimmer Kiosksimple 1.4.7.0

KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint.

10.0
2018-07-03 CVE-2018-11316 Sonos Improper Input Validation vulnerability in Sonos Firmware

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack.

9.3
2018-07-03 CVE-2018-11314 Roku Improper Input Validation vulnerability in Roku Firmware

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack.

9.3
2018-07-03 CVE-2018-4854 Siemens Unspecified vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions).

9.3
2018-07-03 CVE-2018-11638 Dialogic Unrestricted Upload of File With Dangerous Type vulnerability in Dialogic Powermedia XMS

Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.

9.0
2018-07-03 CVE-2017-2615 Qemu
Citrix
Redhat
Debian
XEN
Out-Of-Bounds Read vulnerability in multiple products

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.

9.0
2018-07-02 CVE-2018-1212 Dell Command Injection vulnerability in Dell Idrac6 Modular and Idrac6 Monolithic

The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability.

9.0
2018-07-02 CVE-2018-10843 Redhat Incorrect Permission Assignment FOR Critical Resource vulnerability in Redhat Openshift Container Platform

source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container.

9.0
2018-07-02 CVE-2018-9276 Paessler AG OS Command Injection vulnerability in Paessler AG Prtg Network Monitor

An issue was discovered in PRTG Network Monitor before 18.2.39.

9.0

52 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-07-06 CVE-2018-13110 Adbglobal Incorrect Permission Assignment FOR Critical Resource vulnerability in Adbglobal products

All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.

8.5
2018-07-05 CVE-2018-10987 Diqee OS Command Injection vulnerability in Diqee Diqee360 Firmware

An issue was discovered on Dongguan Diqee Diqee360 devices.

8.5
2018-07-03 CVE-2018-4851 Siemens Improper Input Validation vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions).

8.5
2018-07-06 CVE-2018-5872 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur.

8.3
2018-07-06 CVE-2018-5829 Google Out-Of-Bounds Read vulnerability in Google Android

In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer over-read can potentially occur.

7.8
2018-07-05 CVE-2016-10724 Bitcoin Resource Exhaustion vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind

Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map.

7.8
2018-07-08 CVE-2018-13450 Dolibarr SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.

7.5
2018-07-08 CVE-2018-13449 Dolibarr SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.

7.5
2018-07-08 CVE-2018-13448 Dolibarr SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.

7.5
2018-07-08 CVE-2018-13447 Dolibarr SQL Injection vulnerability in Dolibarr 7.0.3

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.

7.5
2018-07-07 CVE-2018-13421 Fast CPP CSV Parser Project Out-Of-Bounds Read vulnerability in Fast-Cpp-Csv-Parser Project Fast-Cpp-Csv-Parser

Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h.

7.5
2018-07-06 CVE-2018-13410 Info ZIP Project USE After Free vulnerability in Info-Zip Project ZIP 3.0

** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error.

7.5
2018-07-06 CVE-2018-5885 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear.

7.5
2018-07-06 CVE-2018-5882 Qualcomm Out-Of-Bounds Read vulnerability in Qualcomm products

While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

7.5
2018-07-06 CVE-2018-5878 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

7.5
2018-07-06 CVE-2017-11088 Qualcomm SQL Injection vulnerability in Qualcomm products

Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845.

7.5
2018-07-06 CVE-2018-13347 Mercurial Integer Overflow OR Wraparound vulnerability in Mercurial

mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.

7.5
2018-07-05 CVE-2018-13052 Cyberark Unspecified vulnerability in Cyberark Endpoint Privilege Manager

In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin.

7.5
2018-07-05 CVE-2018-12571 Microsoft Server-Side Request Forgery (SSRF) vulnerability in Microsoft Forefront Unified Access Gateway 2010

uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.

7.5
2018-07-05 CVE-2018-12113 Coreftp Buffer Errors vulnerability in Coreftp Core FTP 2.2

Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.

7.5
2018-07-05 CVE-2018-12976 Godoc Path Traversal vulnerability in Godoc GO DOC DOT ORG 20180627

In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution.

7.5
2018-07-05 CVE-2018-12910 Gnome
Canonical
Debian
Redhat
Opensuse
Out-Of-Bounds Read vulnerability in multiple products

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

7.5
2018-07-03 CVE-2018-3753 Merge Object Project Improper Input Validation vulnerability in Merge-Object Project Merge-Object 0.1.0/1.0.0

The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function.

7.5
2018-07-03 CVE-2018-3752 Merge Options Project Improper Input Validation vulnerability in Merge-Options Project Merge-Options 0.0.42/0.0.64/1.0.0

The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function.

7.5
2018-07-03 CVE-2018-3751 Umbraengineering Improper Input Validation vulnerability in Umbraengineering Merge-Recursive

The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function.

7.5
2018-07-03 CVE-2018-3750 Deep Extend Project Improper Input Validation vulnerability in Deep Extend Project Deep Extend

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function.

7.5
2018-07-03 CVE-2018-3749 Deap Project Improper Input Validation vulnerability in Deap Project Deap

The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function.

7.5
2018-07-03 CVE-2018-13116 Zzcms SQL Injection vulnerability in Zzcms 8.3.

/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.

7.5
2018-07-03 CVE-2018-11641 Dialogic USE of Hard-Coded Credentials vulnerability in Dialogic Powermedia XMS

Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service.

7.5
2018-07-03 CVE-2018-11635 Dialogic USE of Hard-Coded Credentials vulnerability in Dialogic Powermedia XMS 3.5

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.

7.5
2018-07-03 CVE-2018-11052 Dellemc Improper Authentication vulnerability in Dellemc Elastic Cloud Storage 3.2.0.0/3.2.0.1

Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability.

7.5
2018-07-03 CVE-2018-7785 Schneider Electric Command Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.

7.5
2018-07-03 CVE-2018-7784 Schneider Electric Improper Input Validation vulnerability in Schneider-Electric U.Motion

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application.

7.5
2018-07-03 CVE-2018-7780 Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Schneider-Electric products

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set".

7.5
2018-07-03 CVE-2018-7778 Schneider Electric Missing Authentication FOR Critical Function vulnerability in Schneider-Electric Evlink Charging Station Firmware

In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.

7.5
2018-07-03 CVE-2018-4852 Siemens Improper Authentication vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions).

7.5
2018-07-02 CVE-2018-12426 WP Livechat Unrestricted Upload of File With Dangerous Type vulnerability in Wp-Livechat Live Chat Support

The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.

7.5
2018-07-02 CVE-2018-12575 TP Link Improper Authentication vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.

7.5
2018-07-02 CVE-2018-12528 Intex Unrestricted Upload of File With Dangerous Type vulnerability in Intex N150 Firmware

An issue was discovered on Intex N150 devices.

7.5
2018-07-02 CVE-2018-13050 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 13.0

A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.

7.5
2018-07-06 CVE-2018-5835 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

7.2
2018-07-06 CVE-2018-5831 Google USE After Free vulnerability in Google Android

In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition.

7.2
2018-07-06 CVE-2018-5830 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

7.2
2018-07-06 CVE-2018-3569 Google Out-Of-Bounds Read vulnerability in Google Android

A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

7.2
2018-07-06 CVE-2017-18159 Google Out-Of-Bounds Read vulnerability in Google Android

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur.

7.2
2018-07-06 CVE-2017-18158 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images.

7.2
2018-07-06 CVE-2018-13406 Linux
Canonical
Debian
Integer Overflow OR Wraparound vulnerability in Linux Kernel

An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.

7.2
2018-07-06 CVE-2018-13108 Adbglobal Unspecified vulnerability in Adbglobal products

All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP.

7.2
2018-07-05 CVE-2018-10988 Diqee Improper Verification of Cryptographic Signature vulnerability in Diqee Diqee360 Firmware

An issue was discovered on Diqee Diqee360 devices.

7.2
2018-07-05 CVE-2018-7944 Huawei Unspecified vulnerability in Huawei Emily-Al00A Firmware 8.1.0.106(Sp2C00)/8.1.0.107(Sp5C00)

Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability.

7.2
2018-07-03 CVE-2018-11642 Dialogic Incorrect Permission Assignment FOR Critical Resource vulnerability in Dialogic Powermedia XMS

Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.

7.2
2018-07-03 CVE-2018-8870 Medtronic USE of Hard-Coded Credentials vulnerability in Medtronic products

Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password.

7.2

308 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-07-06 CVE-2018-5873 Google
Linux
USE After Free vulnerability in multiple products

An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11.

6.9
2018-07-03 CVE-2018-8868 Medtronic Unspecified vulnerability in Medtronic products

Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device.

6.9
2018-07-08 CVE-2018-13445 Seacms Cross-Site Request Forgery (CSRF) vulnerability in Seacms 6.61

An issue was discovered in SeaCMS 6.61.

6.8
2018-07-08 CVE-2018-13444 Seacms Cross-Site Request Forgery (CSRF) vulnerability in Seacms 6.61

An issue was discovered in SeaCMS 6.61.

6.8
2018-07-07 CVE-2018-11349 Jirafeau Cross-Site Request Forgery (CSRF) vulnerability in Jirafeau

The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.

6.8
2018-07-06 CVE-2018-5876 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

6.8
2018-07-06 CVE-2018-5875 Qualcomm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qualcomm products

While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

6.8
2018-07-06 CVE-2018-5874 Qualcomm Out-Of-Bounds Write vulnerability in Qualcomm products

While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

6.8
2018-07-06 CVE-2018-8929 Synology Channel and Path Errors vulnerability in Synology SSL VPN Client

Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.

6.8
2018-07-05 CVE-2018-13340 Gleeztech Cross-Site Request Forgery (CSRF) vulnerability in Gleeztech Gleez CMS 1.2.0

Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request.

6.8
2018-07-05 CVE-2018-13031 Damicms Cross-Site Request Forgery (CSRF) vulnerability in Damicms 6.0.0

DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.

6.8
2018-07-05 CVE-2018-12739 Beescms Cross-Site Request Forgery (CSRF) vulnerability in Beescms 4.0

In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.

6.8
2018-07-05 CVE-2018-12520 Ntop Incorrect Usage of Seeds in Pseudo-Random Number Generator (Prng) vulnerability in Ntop Ntopng 3.4

An issue was discovered in ntopng 3.4 before 3.4.180617.

6.8
2018-07-05 CVE-2018-12021 Sylabs Information Exposure vulnerability in Sylabs Singularity

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system.

6.8
2018-07-05 CVE-2018-13302 Ffmpeg
Debian
Improper Validation of Array Index vulnerability in multiple products

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.

6.8
2018-07-05 CVE-2016-10522 Rails Admin Project Cross-Site Request Forgery (CSRF) vulnerability in Rails Admin Project Rails Admin

rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks.

6.8
2018-07-04 CVE-2018-13139 Libsndfile Project
Debian
Out-Of-Bounds Write vulnerability in multiple products

A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.

6.8
2018-07-03 CVE-2017-0921 Gitlab Weak Password Recovery Mechanism FOR Forgotten Password vulnerability in Gitlab

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.

6.8
2018-07-03 CVE-2018-11636 Dialogic Cross-Site Request Forgery (CSRF) vulnerability in Dialogic Powermedia XMS

Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.

6.8
2018-07-03 CVE-2018-13102 Anydesk
Microsoft
Untrusted Search Path vulnerability in Anydesk

AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability.

6.8
2018-07-03 CVE-2018-7774 Schneider Electric SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

6.8
2018-07-03 CVE-2018-7773 Schneider Electric SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

6.8
2018-07-03 CVE-2018-7772 Schneider Electric SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4.

6.8
2018-07-03 CVE-2018-7769 Schneider Electric SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

6.8
2018-07-03 CVE-2018-7768 Schneider Electric SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

6.8
2018-07-03 CVE-2018-7767 Schneider Electric SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

6.8
2018-07-03 CVE-2018-7766 Schneider Electric SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

6.8
2018-07-03 CVE-2018-7765 Schneider Electric SQL Injection vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

6.8
2018-07-03 CVE-2018-1080 Dogtagpki Unspecified vulnerability in Dogtagpki

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed.

6.8
2018-07-02 CVE-2018-13067 Opencart Cross-Site Request Forgery (CSRF) vulnerability in Opencart

/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.

6.8
2018-07-02 CVE-2018-12574 TP Link Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16

CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.

6.8
2018-07-02 CVE-2018-12529 Intex Cross-Site Request Forgery (CSRF) vulnerability in Intex N150 Firmware

An issue was discovered on Intex N150 devices.

6.8
2018-07-02 CVE-2018-8039 Apache
Redhat
Improper Handling of Exceptional Conditions vulnerability in multiple products

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'.

6.8
2018-07-06 CVE-2018-5896 Google Out-Of-Bounds Read vulnerability in Google Android

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied.

6.6
2018-07-03 CVE-2018-9242 Paloaltonetworks Improper Input Validation vulnerability in Paloaltonetworks Pan-Os

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters.

6.6
2018-07-05 CVE-2017-16773 Synology Incorrect Authorization vulnerability in Synology Universal Search

Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.

6.5
2018-07-03 CVE-2018-3754 Query Mysql Project SQL Injection vulnerability in Query-Mysql Project Query-Mysql 0.0.0/0.0.1/0.0.2

Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization.

6.5
2018-07-03 CVE-2018-11643 Dialogic SQL Injection vulnerability in Dialogic Powermedia XMS

SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.

6.5
2018-07-03 CVE-2018-7777 Schneider Electric Improper Input Validation vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

6.5
2018-07-03 CVE-2018-10856 Libpod Project Incorrect Permission Assignment FOR Critical Resource vulnerability in Libpod Project Libpod

It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user.

6.5
2018-07-02 CVE-2018-12892 Debian
XEN
Information Exposure vulnerability in multiple products

An issue was discovered in Xen 4.7 through 4.10.x.

6.5
2018-07-02 CVE-2018-1244 Dell Command Injection vulnerability in Dell Idrac7 Firmware, Idrac8 Firmware and Idrac9 Firmware

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent.

6.5
2018-07-02 CVE-2018-12577 TP Link OS Command Injection vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16

The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.

6.5
2018-07-02 CVE-2018-13049 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi

The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.

6.5
2018-07-05 CVE-2018-3767 Memcachier Unspecified vulnerability in Memcachier Memjs

`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.

6.4
2018-07-03 CVE-2018-11640 Dialogic XXE vulnerability in Dialogic Powermedia XMS

XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption).

6.4
2018-07-02 CVE-2018-13056 Zzcms Improper Input Validation vulnerability in Zzcms 8.3

An issue was discovered on zzcms 8.3.

6.4
2018-07-03 CVE-2018-7771 Schneider Electric Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

6.0
2018-07-06 CVE-2016-6541 Thetrackr Improper Authentication vulnerability in Thetrackr Trackr Bravo Firmware

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes.

5.8
2018-07-05 CVE-2018-13305 Ffmpeg Out-Of-Bounds Read vulnerability in Ffmpeg 4.0.1

In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.

5.8
2018-07-05 CVE-2018-13300 Ffmpeg
Debian
Out-Of-Bounds Read vulnerability in multiple products

In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.

5.8
2018-07-05 CVE-2018-3761 Nextcloud Improper Authentication vulnerability in Nextcloud Server

Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint.

5.8
2018-07-02 CVE-2018-12499 Motorola Improper Certificate Validation vulnerability in Motorola Mbp853 Firmware

The Motorola MBP853 firmware does not correctly validate server certificates.

5.8
2018-07-02 CVE-2018-13054 Debian
Linuxmint
Link Following vulnerability in multiple products

An issue was discovered in Cinnamon 1.9.2 through 3.8.6.

5.8
2018-07-06 CVE-2018-13407 Jirafeau Cross-Site Request Forgery (CSRF) vulnerability in Jirafeau

A CSRF issue was discovered in Jirafeau before 3.4.1.

5.5
2018-07-06 CVE-2018-1542 IBM XXE vulnerability in IBM Content Foundation and Filenet Content Manager

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.

5.5
2018-07-03 CVE-2018-13122 Onefilecms Incorrect Permission Assignment FOR Critical Resource vulnerability in Onefilecms

onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI.

5.5
2018-07-03 CVE-2018-10596 Medtronic Information Exposure vulnerability in Medtronic 2090 Carelink Programmer Firmware

Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates.

5.2
2018-07-08 CVE-2018-13439 Tencent XXE vulnerability in Tencent Wechat PAY

WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL.

5.0
2018-07-07 CVE-2018-13420 Gperftools Project Missing Release of Resource After Effective Lifetime vulnerability in Gperftools Project Gperftools 2.7

** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule.

5.0
2018-07-06 CVE-2018-5886 Google Out-Of-Bounds Read vulnerability in Google Android

A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed.

5.0
2018-07-06 CVE-2018-5897 Google Out-Of-Bounds Read vulnerability in Google Android

While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

5.0
2018-07-06 CVE-2018-5892 Qualcomm Information Exposure vulnerability in Qualcomm products

The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear.

5.0
2018-07-06 CVE-2018-3577 Google Integer Overflow OR Wraparound vulnerability in Google Android

While processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

5.0
2018-07-06 CVE-2018-10892 Docker
Mobyproject
Redhat
Opensuse
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames.
5.0
2018-07-06 CVE-2018-13109 Adbglobal Incorrect Authorization vulnerability in Adbglobal products

All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP).

5.0
2018-07-06 CVE-2017-1488 IBM Information Exposure vulnerability in IBM products

An undisclosed vulnerability in Jazz common products exists with potential for information disclosure.

5.0
2018-07-06 CVE-2017-1239 IBM Information Exposure vulnerability in IBM products

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses.

5.0
2018-07-06 CVE-2018-13348 Mercurial Improper Input Validation vulnerability in Mercurial

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.

5.0
2018-07-06 CVE-2018-13346 Mercurial Improper Input Validation vulnerability in Mercurial

The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.

5.0
2018-07-05 CVE-2016-10725 Bitcoin Cryptographic Issues vulnerability in Bitcoin Bitcoin-Qt, Bitcoin Core and Bitcoind

In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order.

5.0
2018-07-05 CVE-2018-13328 PFG Project Integer Overflow OR Wraparound vulnerability in PFG Project PFG

The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow.

5.0
2018-07-05 CVE-2018-13327 Chucunlingaigo Project Integer Overflow OR Wraparound vulnerability in Chucunlingaigo Project Chucunlingaigo

The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow.

5.0
2018-07-05 CVE-2018-13326 Bittelux Project Integer Overflow OR Wraparound vulnerability in Bittelux Project Bittelux

The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow.

5.0
2018-07-05 CVE-2018-13325 Boodskap Integer Overflow OR Wraparound vulnerability in Boodskap Growchain

The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow.

5.0
2018-07-05 CVE-2018-3766 Buttle Project Path Traversal vulnerability in Buttle Project Buttle

Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server.

5.0
2018-07-05 CVE-2018-8038 Apache Improper Input Validation vulnerability in Apache CXF Fediz

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.

5.0
2018-07-05 CVE-2018-10885 Redhat Improper Input Validation vulnerability in Redhat Openshift

In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin.

5.0
2018-07-05 CVE-2018-13233 GSI Project Integer Overflow OR Wraparound vulnerability in GSI Project GSI

The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13232 Entercoin Project Integer Overflow OR Wraparound vulnerability in Entercoin Project Entercoin

The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13231 Entertoken Project Integer Overflow OR Wraparound vulnerability in Entertoken Project Entertoken

The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13230 Destineed Project Integer Overflow OR Wraparound vulnerability in Destineed Project Destineed

The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13229 Riptidecoin Project Integer Overflow OR Wraparound vulnerability in Riptidecoin Project Riptidecoin

The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13228 Crowdnext Project Integer Overflow OR Wraparound vulnerability in Crowdnext Project Crowdnext

The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13227 Moneychainnet Project Integer Overflow OR Wraparound vulnerability in Moneychainnet Project Moneychainnet

The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13226 Ylctoken Project Integer Overflow OR Wraparound vulnerability in Ylctoken Project Ylctoken

The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13225 Myylc Project Integer Overflow OR Wraparound vulnerability in Myylc Project Myylc

The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13224 Virtual Energy Units Project Integer Overflow OR Wraparound vulnerability in Virtual Energy Units Project Virtual Energy Units

The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13223 Rtokenmain Project Integer Overflow OR Wraparound vulnerability in Rtokenmain Project Rtokenmain

The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13222 Objectledger Integer Overflow OR Wraparound vulnerability in Objectledger Objecttoken

The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13221 Extreme Coin Project Integer Overflow OR Wraparound vulnerability in Extreme Coin Project Extreme Coin

The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13220 Mavcash Project Integer Overflow OR Wraparound vulnerability in Mavcash Project Mavcash

The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13219 Yourcoin Project Integer Overflow OR Wraparound vulnerability in Yourcoin Project Yourcoin

The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13218 ICO Dollar Project Integer Overflow OR Wraparound vulnerability in ICO Dollar Project ICO Dollar

The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13217 Cointoken Project Integer Overflow OR Wraparound vulnerability in Cointoken Project Cointoken

The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13216 Greenmed Integer Overflow OR Wraparound vulnerability in Greenmed

The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13215 Sample Token Project Integer Overflow OR Wraparound vulnerability in Sample Token Project Sample Token

The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13214 Globalmiles Integer Overflow OR Wraparound vulnerability in Globalmiles Gmile

The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13213 Travelcoin Integer Overflow OR Wraparound vulnerability in Travelcoin

The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13212 Ethereumlegit Project Integer Overflow OR Wraparound vulnerability in Ethereumlegit Project Ethereumlegit

The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13211 Mytokenshr Project Integer Overflow OR Wraparound vulnerability in Mytokenshr Project Mytokenshr

The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13210 Providence Integer Overflow OR Wraparound vulnerability in Providence Crypto Casino

The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13209 Nectar Project Integer Overflow OR Wraparound vulnerability in Nectar Project Nectar

The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13208 Moneytree Project Integer Overflow OR Wraparound vulnerability in Moneytree Project Moneytree

The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13207 Porn Coin Integer Overflow OR Wraparound vulnerability in Porn-Coin Porncoin

The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13206 Providencecasino Project Integer Overflow OR Wraparound vulnerability in Providencecasino Project Providencecasino

The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13205 Ohni Integer Overflow OR Wraparound vulnerability in Ohni 2

The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13204 Ethercash Integer Overflow OR Wraparound vulnerability in Ethercash

The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13203 Airswaptoken Project Integer Overflow OR Wraparound vulnerability in Airswaptoken Project Airswaptoken

The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13202 Mybo Project Integer Overflow OR Wraparound vulnerability in Mybo Project Mybo

The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13201 Titok Ticket Token Project Integer Overflow OR Wraparound vulnerability in Titok - Ticket Token Project Titok - Ticket Token

The sell function of a smart contract implementation for TiTok - Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13200 Dateme Project Integer Overflow OR Wraparound vulnerability in Dateme Project Dateme

The sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13199 Ethereumblack Project Integer Overflow OR Wraparound vulnerability in Ethereumblack Project Ethereumblack

The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13198 Stex Exchange ICO Project Integer Overflow OR Wraparound vulnerability in Stex Exchange ICO Project Stex Exchange ICO

The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13197 Welfare Token Fund Project Integer Overflow OR Wraparound vulnerability in Welfare Token Fund Project Welfare Token Fund

The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13196 T Swap Token Project Integer Overflow OR Wraparound vulnerability in T-Swap-Token Project T-Swap-Token

The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

5.0
2018-07-05 CVE-2018-13195 Cranooadvanced Project Integer Overflow OR Wraparound vulnerability in Cranooadvanced Project Cranooadvanced

The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13194 Ttcoin Project Integer Overflow OR Wraparound vulnerability in Ttcoin Project Ttcoin

The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13193 Hentaisolo Project Integer Overflow OR Wraparound vulnerability in Hentaisolo Project Hentaisolo

The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13192 Jobscoin Project Integer Overflow OR Wraparound vulnerability in Jobscoin Project Jobscoin

The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13191 Supercarboncoin Project Integer Overflow OR Wraparound vulnerability in Supercarboncoin Project Supercarboncoin

The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13190 Dvchain Project Integer Overflow OR Wraparound vulnerability in Dvchain Project Dvchain

The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13189 Unolabo Project Integer Overflow OR Wraparound vulnerability in Unolabo Project Unolabo

The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13188 Mybo Project Integer Overflow OR Wraparound vulnerability in Mybo Project Mybo

The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13187 Cibnliveinteractive Project Integer Overflow OR Wraparound vulnerability in Cibnliveinteractive Project Cibnliveinteractive

The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13186 Mmtcoin Project Integer Overflow OR Wraparound vulnerability in Mmtcoin Project Mmtcoin

The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13185 Appcoins Project Integer Overflow OR Wraparound vulnerability in Appcoins Project Appcoins

The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13184 Travelzeditoken Project Integer Overflow OR Wraparound vulnerability in Travelzeditoken Project Travelzeditoken

The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13183 Jwctoken Project Integer Overflow OR Wraparound vulnerability in Jwctoken Project Jwctoken

The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13182 Loncoin Project Integer Overflow OR Wraparound vulnerability in Loncoin Project Loncoin

The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13181 Cointroops Project Integer Overflow OR Wraparound vulnerability in Cointroops Project Cointroops

The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13180 Immcoin Project Integer Overflow OR Wraparound vulnerability in Immcoin Project Immcoin

The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13179 Aircontacttoken Project Integer Overflow OR Wraparound vulnerability in Aircontacttoken Project Aircontacttoken

The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13178 Ecpoints Project Integer Overflow OR Wraparound vulnerability in Ecpoints Project Ecpoints

The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13177 Miningrigrentalstoken Project Integer Overflow OR Wraparound vulnerability in Miningrigrentalstoken Project Miningrigrentalstoken

The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13176 Trustzen Project Integer Overflow OR Wraparound vulnerability in Trustzen Project Trustzen

The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13175 Aichain Project Integer Overflow OR Wraparound vulnerability in Aichain Project Aichain

The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13174 Cryptoabs Project Integer Overflow OR Wraparound vulnerability in Cryptoabs Project Cryptoabs

The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13173 Eliteshippertoken Project Integer Overflow OR Wraparound vulnerability in Eliteshippertoken Project Eliteshippertoken

The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13172 Bzxcoin Project Integer Overflow OR Wraparound vulnerability in Bzxcoin Project Bzxcoin

The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13171 Ladatoken Project Integer Overflow OR Wraparound vulnerability in Ladatoken Project Ladatoken

The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13170 Snoqualmiecoin Project Integer Overflow OR Wraparound vulnerability in Snoqualmiecoin Project Snoqualmiecoin

The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13169 Ethereum Cash PRO Coin Project Integer Overflow OR Wraparound vulnerability in Ethereum Cash PRO Coin Project Ethereum Cash PRO Coin

The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13168 Netkillerbatchtoken Project Integer Overflow OR Wraparound vulnerability in Netkillerbatchtoken Project Netkillerbatchtoken

The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13167 YU GI OH Project Integer Overflow OR Wraparound vulnerability in YU GI OH Project YU GI OH

The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13166 Athleticoin Project Integer Overflow OR Wraparound vulnerability in Athleticoin Project Athleticoin

The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13165 Justdcoin Project Integer Overflow OR Wraparound vulnerability in Justdcoin Project Justdcoin

The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13164 Eppcoin Project Integer Overflow OR Wraparound vulnerability in Eppcoin Project Eppcoin

The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13163 Ethernet Cash Project Integer Overflow OR Wraparound vulnerability in Ethernet Cash Project Ethernet Cash

The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13162 Alex Project Integer Overflow OR Wraparound vulnerability in Alex Project Alex

The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13161 Multigames Project Integer Overflow OR Wraparound vulnerability in Multigames Project Multigames

The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13160 Etktokens Project Integer Overflow OR Wraparound vulnerability in Etktokens Project Etktokens

The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13159 Bankcoin Project Integer Overflow OR Wraparound vulnerability in Bankcoin Project Bankcoin

The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13158 Assettoken Project Integer Overflow OR Wraparound vulnerability in Assettoken Project Assettoken

The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13157 Cryptonitexcoin Project Integer Overflow OR Wraparound vulnerability in Cryptonitexcoin Project Cryptonitexcoin

The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13156 Bonustoken Project Integer Overflow OR Wraparound vulnerability in Bonustoken Project Bonustoken

The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-13155 Gemchain Project Integer Overflow OR Wraparound vulnerability in Gemchain Project Gemchain

The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-05 CVE-2018-12018 Ethereum Improper Validation of Array Index vulnerability in Ethereum GO Ethereum

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value.

5.0
2018-07-04 CVE-2018-13146 LEF Project Integer Overflow OR Wraparound vulnerability in LEF Project LEF

The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow.

5.0
2018-07-04 CVE-2018-13145 Javaswaptest Project Integer Overflow OR Wraparound vulnerability in Javaswaptest Project Javaswaptest

The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow.

5.0
2018-07-04 CVE-2018-13144 Pandora Project Integer Overflow OR Wraparound vulnerability in Pandora Project Pandora

The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow.

5.0
2018-07-04 CVE-2018-13132 Spadeico Project Integer Overflow OR Wraparound vulnerability in Spadeico Project Spadeico

Spadeico is a smart contract running on Ethereum.

5.0
2018-07-04 CVE-2018-13131 Spadepresale Project Integer Overflow OR Wraparound vulnerability in Spadepresale Project Spadepresale

SpadePreSale is a smart contract running on Ethereum.

5.0
2018-07-04 CVE-2018-13130 Bitotal Integer Overflow OR Wraparound vulnerability in Bitotal

Bitotal (TFUND) is a smart contract running on Ethereum.

5.0
2018-07-04 CVE-2018-13129 Sp8De Integer Overflow OR Wraparound vulnerability in Sp8De

SP8DE Token (SPX) is a smart contract running on Ethereum.

5.0
2018-07-04 CVE-2018-13128 Etherty Integer Overflow OR Wraparound vulnerability in Etherty Token

Etherty Token (ETY) is a smart contract running on Ethereum.

5.0
2018-07-04 CVE-2018-13127 Sp8De Integer Overflow OR Wraparound vulnerability in Sp8De Presale Token

SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum.

5.0
2018-07-04 CVE-2018-13126 Moxy Integer Overflow OR Wraparound vulnerability in Moxy Moxyonepresale

MoxyOnePresale is a smart contract running on Ethereum.

5.0
2018-07-04 CVE-2018-11429 Atlant Integer Overflow OR Wraparound vulnerability in Atlant

ATLANT (ATL) is a smart contract running on Ethereum.

5.0
2018-07-04 CVE-2018-11335 Genesis Vision Integer Overflow OR Wraparound vulnerability in Genesis Vision Gvtoken

GVToken Genesis Vision (GVT) is a smart contract running on Ethereum.

5.0
2018-07-03 CVE-2018-13123 Onefilecms Information Exposure vulnerability in Onefilecms

onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file.

5.0
2018-07-03 CVE-2017-0929 Dnnsoftware Server-Side Request Forgery (SSRF) vulnerability in Dnnsoftware Dotnetnuke

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class.

5.0
2018-07-03 CVE-2017-0919 Gitlab Missing Authentication FOR Critical Function vulnerability in Gitlab

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.

5.0
2018-07-03 CVE-2018-13113 Easy Trading Token Project Integer Overflow OR Wraparound vulnerability in Easy Trading Token Project Easy Trading Token

The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow.

5.0
2018-07-03 CVE-2018-13112 Appneta Out-Of-Bounds Read vulnerability in Appneta Tcpreplay 4.3.0

get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.

5.0
2018-07-03 CVE-2018-11637 Dialogic Link Following vulnerability in Dialogic Powermedia XMS 3.5

Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root.

5.0
2018-07-03 CVE-2018-11051 EMC Path Traversal vulnerability in EMC RSA Certificate Manager 6.9

RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server.

5.0
2018-07-03 CVE-2018-7635 Navercorp Improper Input Validation vulnerability in Navercorp Whale

Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.

5.0
2018-07-03 CVE-2018-7787 Schneider Electric Improper Input Validation vulnerability in Schneider-Electric U.Motion Builder 1.2.1

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.

5.0
2018-07-03 CVE-2018-7783 Schneider Electric XXE vulnerability in Schneider-Electric Somachine Basic

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack.

5.0
2018-07-03 CVE-2018-7779 Schneider Electric Unspecified vulnerability in Schneider-Electric products

In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access.

5.0
2018-07-03 CVE-2018-11746 Puppet Insufficiently Protected Credentials vulnerability in Puppet Discovery 1.0.0/1.0.1/1.1.0

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available.

5.0
2018-07-03 CVE-2018-13092 Reimbursetoken Project Integer Overflow OR Wraparound vulnerability in Reimbursetoken Project Reimbursetoken

The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13091 Sumocoin Project Integer Overflow OR Wraparound vulnerability in Sumocoin Project Sumocoin

The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13090 Yitongcoin Project Integer Overflow OR Wraparound vulnerability in Yitongcoin Project Yitongcoin

The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13089 Ucointoken Project Integer Overflow OR Wraparound vulnerability in Ucointoken Project Ucointoken

The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13088 Tokenerc20 Project Integer Overflow OR Wraparound vulnerability in Tokenerc20 Project Tokenerc20

The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13087 Coinstar Myadvancedtoken Project Integer Overflow OR Wraparound vulnerability in Coinstar Myadvancedtoken Project Coinstar Myadvancedtoken

The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13086 Iadowr Project Integer Overflow OR Wraparound vulnerability in Iadowr Project Iadowr

The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13085 Freecoin Project Integer Overflow OR Wraparound vulnerability in Freecoin Project Freecoin

The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13084 Goodtimecoin Project Integer Overflow OR Wraparound vulnerability in Goodtimecoin Project Goodtimecoin

The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13083 Plazatoken Project Integer Overflow OR Wraparound vulnerability in Plazatoken Project Plazatoken

The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13082 Moditokenerc20 Project Integer Overflow OR Wraparound vulnerability in Moditokenerc20 Project Moditokenerc20

The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13081 Gzstoken Project Integer Overflow OR Wraparound vulnerability in Gzstoken Project Gzstoken

The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13080 Goutex Project Integer Overflow OR Wraparound vulnerability in Goutex Project Goutex

The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13079 Goodto Project Integer Overflow OR Wraparound vulnerability in Goodto Project Goodto

The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13078 Jitech Project Integer Overflow OR Wraparound vulnerability in Jitech Project Jitech

The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13077 CTB Project Integer Overflow OR Wraparound vulnerability in CTB Project CTB

The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13076 Betcash Project Integer Overflow OR Wraparound vulnerability in Betcash Project Betcash

The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13075 Carbonexchangecointoken Project Integer Overflow OR Wraparound vulnerability in Carbonexchangecointoken Project Carbonexchangecointoken

The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13074 Fibtoken Project Integer Overflow OR Wraparound vulnerability in Fibtoken Project Fibtoken

The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13073 Ethereumblack Project Integer Overflow OR Wraparound vulnerability in Ethereumblack Project Ethereumblack

The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13072 Coffeecoin Project Integer Overflow OR Wraparound vulnerability in Coffeecoin Project Coffeecoin

The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13071 Ccindextoken Project Integer Overflow OR Wraparound vulnerability in Ccindextoken Project Ccindextoken

The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13070 Encryptedtoken Project Integer Overflow OR Wraparound vulnerability in Encryptedtoken Project Encryptedtoken

The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13069 Dychain Project Integer Overflow OR Wraparound vulnerability in Dychain Project Dychain

The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-03 CVE-2018-13068 Azuriontoken Project Integer Overflow OR Wraparound vulnerability in Azuriontoken Project Azuriontoken

The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

5.0
2018-07-02 CVE-2018-13066 Libming Missing Release of Resource After Effective Lifetime vulnerability in Libming 0.4.8

There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, parseSWF_DEFINESPRITE, parseSWF_DEFINETEXT, parseSWF_DOACTION, parseSWF_FILLSTYLEARRAY, parseSWF_FRAMELABEL, parseSWF_LINESTYLEARRAY, parseSWF_PLACEOBJECT2, or parseSWF_SHAPEWITHSTYLE.

5.0
2018-07-02 CVE-2018-1243 Dell Improperly Implemented Security Check FOR Standard vulnerability in Dell products

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability.

5.0
2018-07-02 CVE-2017-17316 Huawei Out-Of-Bounds Read vulnerability in Huawei products

Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability.

5.0
2018-07-02 CVE-2018-12891 Debian
XEN
An issue was discovered in Xen through 4.10.x.
4.9
2018-07-06 CVE-2018-5907 Google Integer Overflow OR Wraparound vulnerability in Google Android

Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

4.6
2018-07-06 CVE-2018-5862 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur.

4.6
2018-07-06 CVE-2018-5858 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur.

4.6
2018-07-06 CVE-2018-3587 Google USE After Free vulnerability in Google Android

In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur.

4.6
2018-07-06 CVE-2018-3570 Google Null Pointer Dereference vulnerability in Google Android

In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference.

4.6
2018-07-06 CVE-2018-11304 Google Integer Overflow OR Wraparound vulnerability in Google Android

Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

4.6
2018-07-06 CVE-2017-15851 Google Information Exposure vulnerability in Google Android

Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel

4.6
2018-07-06 CVE-2018-5899 Google USE After Free vulnerability in Google Android

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free.

4.6
2018-07-06 CVE-2018-5898 Google Integer Overflow OR Wraparound vulnerability in Google Android

Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

4.6
2018-07-06 CVE-2018-5893 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur.

4.6
2018-07-06 CVE-2018-5891 Qualcomm USE After Free vulnerability in Qualcomm products

While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available.

4.6
2018-07-06 CVE-2018-5890 Google Unspecified vulnerability in Google Android

If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

4.6
2018-07-06 CVE-2018-5889 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

4.6
2018-07-06 CVE-2018-5888 Google Out-Of-Bounds Read vulnerability in Google Android

While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

4.6
2018-07-06 CVE-2018-5887 Google Out-Of-Bounds Read vulnerability in Google Android

While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

4.6
2018-07-06 CVE-2018-5884 Qualcomm Improper Privilege Management vulnerability in Qualcomm products

Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.

4.6
2018-07-06 CVE-2018-5838 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.

4.6
2018-07-06 CVE-2018-5834 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

4.6
2018-07-06 CVE-2018-3597 Google Improper Input Validation vulnerability in Google Android

In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur.

4.6
2018-07-06 CVE-2018-3564 Google USE After Free vulnerability in Google Android

In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails.

4.6
2018-07-06 CVE-2018-11258 Qualcomm USE After Free vulnerability in Qualcomm products

In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.

4.6
2018-07-06 CVE-2018-11257 Qualcomm Unspecified vulnerability in Qualcomm products

Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850.

4.6
2018-07-06 CVE-2018-13405 Linux
Canonical
Debian
Improper Privilege Management vulnerability in multiple products

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group.

4.6
2018-07-04 CVE-2018-13133 Goldenfrog Untrusted Search Path vulnerability in Goldenfrog Vyprvpn

Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows.

4.6
2018-07-03 CVE-2018-1113 Redhat
Fedoraproject
Incorrect Permission Assignment FOR Critical Resource vulnerability in Redhat products

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells.

4.6
2018-07-02 CVE-2018-10874 Redhat Improper Input Validation vulnerability in Redhat products

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

4.6
2018-07-06 CVE-2018-5859 Google USE After Free vulnerability in Google Android

Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur.

4.4
2018-07-06 CVE-2018-5853 Google USE After Free vulnerability in Google Android

A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition.

4.4
2018-07-06 CVE-2018-5832 Google USE After Free vulnerability in Google Android

Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur.

4.4
2018-07-06 CVE-2017-15856 Google Race Condition vulnerability in Google Android

Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

4.4
2018-07-08 CVE-2018-13440 Audio File Library Project
Canonical
Null Pointer Dereference vulnerability in multiple products

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

4.3
2018-07-08 CVE-2018-13433 Boostnote Cross-Site Scripting vulnerability in Boostnote 0.11.7

Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element.

4.3
2018-07-07 CVE-2018-13423 Omeka Cross-Site Scripting vulnerability in Omeka

admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.

4.3
2018-07-07 CVE-2018-13422 Tecnick Cross-Site Scripting vulnerability in Tecnick Tcexam

TCExam before 14.1.2 has XSS via an ff_ or xl_ field.

4.3
2018-07-07 CVE-2018-13419 Libsndfile Project Missing Release of Resource After Effective Lifetime vulnerability in Libsndfile Project Libsndfile 1.0.28

** DISPUTED ** An issue has been found in libsndfile 1.0.28.

4.3
2018-07-07 CVE-2018-11351 Jirafeau Cross-Site Scripting vulnerability in Jirafeau

script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities.

4.3
2018-07-07 CVE-2018-11350 Jirafeau Cross-Site Scripting vulnerability in Jirafeau

An issue was discovered in Jirafeau before 3.4.1.

4.3
2018-07-06 CVE-2018-5894 Qualcomm Out-Of-Bounds Read vulnerability in Qualcomm products

Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.

4.3
2018-07-06 CVE-2018-13409 Jirafeau Cross-Site Scripting vulnerability in Jirafeau

An issue was discovered in Jirafeau before 3.4.1.

4.3
2018-07-06 CVE-2018-13408 Jirafeau Cross-Site Scripting vulnerability in Jirafeau

An issue was discovered in Jirafeau before 3.4.1.

4.3
2018-07-06 CVE-2018-1676 IBM Cross-Site Scripting vulnerability in IBM Planning Analytics Local

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting.

4.3
2018-07-06 CVE-2018-1546 IBM Information Exposure vulnerability in IBM API Connect

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2018-07-06 CVE-2017-1248 IBM Code Injection vulnerability in IBM products

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection.

4.3
2018-07-05 CVE-2018-13339 Angular Redactor Project Cross-Site Scripting vulnerability in Angular Redactor Project Angular Redactor 1.1.6

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.

4.3
2018-07-05 CVE-2018-9997 Open Xchange Cross-Site Scripting vulnerability in Open-Xchange Appsuite

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.

4.3
2018-07-05 CVE-2018-8738 Airties Cross-Site Scripting vulnerability in Airties 5444 Firmware and 5444Tt Firmware

Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.

4.3
2018-07-05 CVE-2018-8046 Sencha Cross-Site Scripting vulnerability in Sencha EXT JS

The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data.

4.3
2018-07-05 CVE-2018-12691 Onosproject Race Condition vulnerability in Onosproject Onos

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.

4.3
2018-07-05 CVE-2017-11175 J2Inn Cross-Site Scripting vulnerability in J2Inn FIN Stack 4.0

In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login.

4.3
2018-07-05 CVE-2018-13304 Ffmpeg Reachable Assertion vulnerability in Ffmpeg 4.0.1

In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.

4.3
2018-07-05 CVE-2018-13303 Ffmpeg Null Pointer Dereference vulnerability in Ffmpeg 4.0.1

In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

4.3
2018-07-05 CVE-2018-13301 Ffmpeg Null Pointer Dereference vulnerability in Ffmpeg 4.0.1

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

4.3
2018-07-05 CVE-2018-13252 Entrustdatacard Cross-Site Scripting vulnerability in Entrustdatacard Syntera Customization Suite 5.0/5.1

Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page.

4.3
2018-07-05 CVE-2018-3769 Ruby Grape Cross-Site Scripting vulnerability in Ruby-Grape Grape

ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter.

4.3
2018-07-05 CVE-2018-13251 Libming Resource Exhaustion vulnerability in Libming 0.4.8

In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2.

4.3
2018-07-05 CVE-2018-13250 Libming Null Pointer Dereference vulnerability in Libming 0.4.8

libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT.

4.3
2018-07-05 CVE-2018-9185 Fortinet Information Exposure vulnerability in Fortinet Fortios

An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.

4.3
2018-07-05 CVE-2018-13153 Imagemagick
Canonical
Missing Release of Resource After Effective Lifetime vulnerability in multiple products

In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.

4.3
2018-07-04 CVE-2018-13136 Ultimatemember Cross-Site Scripting vulnerability in Ultimatemember Ultimate Member

The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.

4.3
2018-07-04 CVE-2018-13134 TP Link Cross-Site Scripting vulnerability in Tp-Link Archer C1200 Firmware 1.13

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.

4.3
2018-07-03 CVE-2018-13121 Realnetworks Buffer Errors vulnerability in Realnetworks Realone Player 2.0

RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.

4.3
2018-07-03 CVE-2018-7636 Paloaltonetworks Cross-Site Scripting vulnerability in Paloaltonetworks Pan-Os 8.0.10

The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs.

4.3
2018-07-03 CVE-2018-3748 Glance Project Cross-Site Scripting vulnerability in Glance Project Glance 3.0.5

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5.

4.3
2018-07-03 CVE-2018-3747 Public JS Project Cross-Site Scripting vulnerability in Public.Js Project Public.Js

The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.

4.3
2018-07-03 CVE-2018-8036 Apache Infinite Loop vulnerability in Apache Pdfbox

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

4.3
2018-07-03 CVE-2018-11639 Dialogic Insufficiently Protected Credentials vulnerability in Dialogic Powermedia XMS 3.5

Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.

4.3
2018-07-03 CVE-2018-7786 Schneider Electric Cross-Site Scripting vulnerability in Schneider-Electric U.Motion Builder 1.2.1

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.

4.3
2018-07-03 CVE-2018-7776 Schneider Electric Information Exposure vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

4.3
2018-07-03 CVE-2018-7770 Schneider Electric Path Traversal vulnerability in Schneider-Electric U.Motion

The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

4.3
2018-07-03 CVE-2018-7764 Schneider Electric Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4.

4.3
2018-07-03 CVE-2018-7763 Schneider Electric Path Traversal vulnerability in Schneider-Electric U.Motion Builder 1.2.1

The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4.

4.3
2018-07-03 CVE-2018-4855 Siemens Missing Encryption of Sensitive Data vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions).

4.3
2018-07-03 CVE-2018-13065 Modsecurity Cross-Site Scripting vulnerability in Modsecurity 3.0.0

** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element.

4.3
2018-07-03 CVE-2018-12255 Invoiceplane Cross-Site Scripting vulnerability in Invoiceplane 1.5.10

An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field.

4.3
2018-07-03 CVE-2018-13100 Linux
Debian
Divide BY Zero vulnerability in Linux Kernel

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.

4.3
2018-07-03 CVE-2018-13099 Linux
Debian
Out-Of-Bounds Read vulnerability in multiple products

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4.

4.3
2018-07-03 CVE-2018-13098 Linux Out-Of-Bounds Read vulnerability in Linux Kernel

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3.

4.3
2018-07-03 CVE-2018-13097 Linux Out-Of-Bounds Read vulnerability in Linux Kernel

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3.

4.3
2018-07-03 CVE-2018-13096 Linux
Canonical
Debian
Out-Of-Bounds Read vulnerability in multiple products

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14.

4.3
2018-07-03 CVE-2018-13095 Linux Out-Of-Bounds Write vulnerability in Linux Kernel

An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3.

4.3
2018-07-03 CVE-2018-13094 Linux
Canonical
Null Pointer Dereference vulnerability in Linux Kernel

An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3.

4.3
2018-07-03 CVE-2018-13093 Linux Null Pointer Dereference vulnerability in Linux Kernel

An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3.

4.3
2018-07-03 CVE-2018-10855 Redhat
Debian
Canonical
Information Exposure Through LOG Files vulnerability in multiple products

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks.

4.3
2018-07-02 CVE-2018-1249 Dell Unspecified vulnerability in Dell Idrac9 Firmware

Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs.

4.3
2018-07-02 CVE-2018-12576 TP Link Improper Restriction of Rendered UI Layers OR Frames vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.

4.3
2018-07-02 CVE-2018-10076 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.12

An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12.

4.3
2018-07-02 CVE-2018-10075 Zohocorp Cross-Site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.12

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.

4.3
2018-07-02 CVE-2017-17317 Huawei Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Huawei products

Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability.

4.3
2018-07-02 CVE-2018-0499 Xapian
Canonical
Cross-Site Scripting vulnerability in multiple products

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().

4.3
2018-07-06 CVE-2017-1559 IBM Information Exposure vulnerability in IBM products

Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests.

4.0
2018-07-06 CVE-2017-1509 IBM Information Exposure vulnerability in IBM products

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks.

4.0
2018-07-05 CVE-2018-9998 Open Xchange Information Exposure vulnerability in Open-Xchange Appsuite

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.

4.0
2018-07-05 CVE-2017-16816 Htcondor Project Improper Input Validation vulnerability in Htcondor Project Htcondor

The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.

4.0
2018-07-05 CVE-2018-3762 Nextcloud Improper Preservation of Permissions vulnerability in Nextcloud Server

Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.

4.0
2018-07-03 CVE-2018-7782 Schneider Electric Insufficiently Protected Credentials vulnerability in Schneider-Electric products

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.

4.0
2018-07-03 CVE-2018-7781 Schneider Electric Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.

4.0
2018-07-03 CVE-2018-4856 Siemens Unspecified vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions).

4.0

68 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2018-07-06 CVE-2018-11259 Qualcomm Incorrect Permission Assignment FOR Critical Resource vulnerability in Qualcomm products

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased.

3.6
2018-07-06 CVE-2018-1556 IBM Cross-Site Scripting vulnerability in IBM Content Foundation and Filenet Content Manager

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting.

3.5
2018-07-06 CVE-2018-1555 IBM Cross-Site Scripting vulnerability in IBM Content Foundation and Filenet Content Manager

IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting.

3.5
2018-07-06 CVE-2018-1494 IBM Cross-Site Scripting vulnerability in IBM Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting.

3.5
2018-07-06 CVE-2018-11124 Opmantek Cross-Site Scripting vulnerability in Opmantek Open-Audit

Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.

3.5
2018-07-06 CVE-2017-1329 IBM Code Injection vulnerability in IBM products

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection.

3.5
2018-07-06 CVE-2017-1242 IBM Code Injection vulnerability in IBM products

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection.

3.5
2018-07-06 CVE-2017-1238 IBM Cross-Site Scripting vulnerability in IBM products

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-06 CVE-2017-1237 IBM Cross-Site Scripting vulnerability in IBM products

IBM Jazz based applications are vulnerable to cross-site scripting.

3.5
2018-07-05 CVE-2018-3764 Nextcloud Cross-Site Scripting vulnerability in Nextcloud Contacts

In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction.

3.5
2018-07-05 CVE-2018-3763 Nextcloud Cross-Site Scripting vulnerability in Nextcloud Calendar

In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction.

3.5
2018-07-05 CVE-2018-8928 Synology Cross-Site Scripting vulnerability in Synology Carddav Server

Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.

3.5
2018-07-05 CVE-2015-9260 Bedita Cross-Site Scripting vulnerability in Bedita

An issue was discovered in BEdita before 3.7.0.

3.5
2018-07-03 CVE-2018-9337 Paloaltonetworks Cross-Site Scripting vulnerability in Paloaltonetworks Pan-Os

The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.

3.5
2018-07-03 CVE-2018-9335 Paloaltonetworks Cross-Site Scripting vulnerability in Paloaltonetworks Pan-Os

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.

3.5
2018-07-03 CVE-2017-0912 UI Cross-Site Scripting vulnerability in UI Ucrm

Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting.

3.5
2018-07-03 CVE-2017-1717 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1715 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1691 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1690 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1652 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1651 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1621 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1608 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1592 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1568 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1565 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1564 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1562 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1561 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1317 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1316 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1315 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1314 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1313 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1312 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1306 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1299 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1294 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1293 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1281 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1280 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1277 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1275 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2017-1250 IBM Cross-Site Scripting vulnerability in IBM products

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting.

3.5
2018-07-03 CVE-2018-13106 Clippercms Cross-Site Scripting vulnerability in Clippercms 1.3.3

ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI.

3.5
2018-07-06 CVE-2016-6540 Thetrackr Information Exposure vulnerability in Thetrackr Trackr Bravo Firmware

Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539.

3.3
2018-07-06 CVE-2016-6539 Thetrackr Information Exposure vulnerability in Thetrackr Trackr Firmware

The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse.

3.3
2018-07-06 CVE-2016-6538 Thetrackr Information Exposure vulnerability in Thetrackr Trackr Bravo Firmware

The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.

3.3
2018-07-05 CVE-2018-12103 D Link Incorrect Authorization vulnerability in D-Link products

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions).

3.3
2018-07-02 CVE-2017-17175 Huawei Improper Input Validation vulnerability in Huawei Mate 9 PRO Lonal00B8.0.0.334(C00)/Lonal00B8.0.0.340A(C00)/Lonal00B8.0.0.343(C00)

Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability.

3.3
2018-07-06 CVE-2018-5865 Google Integer Underflow (Wrap OR Wraparound) vulnerability in Google Android

While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur.

2.1
2018-07-06 CVE-2018-5864 Google Out-Of-Bounds Read vulnerability in Google Android

While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur.

2.1
2018-07-06 CVE-2018-5895 Google Out-Of-Bounds Read vulnerability in Google Android

Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

2.1
2018-07-06 CVE-2018-5836 Google Out-Of-Bounds Read vulnerability in Google Android

In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access.

2.1
2018-07-06 CVE-2017-15824 Google Missing Release of Resource After Effective Lifetime vulnerability in Google Android

In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory.

2.1
2018-07-06 CVE-2017-14893 Google Out-Of-Bounds Read vulnerability in Google Android

While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

2.1
2018-07-06 CVE-2017-14872 Google Out-Of-Bounds Read vulnerability in Google Android

While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

2.1
2018-07-06 CVE-2018-1621 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties.

2.1
2018-07-06 CVE-2017-1795 IBM Information Exposure Through LOG Files vulnerability in IBM Websphere MQ Managed File Transfer

IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer.

2.1
2018-07-05 CVE-2018-8026 Apache
Netapp
XXE vulnerability in multiple products

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file).

2.1
2018-07-03 CVE-2018-9334 Paloaltonetworks Improper Privilege Management vulnerability in Paloaltonetworks Pan-Os

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.

2.1
2018-07-03 CVE-2018-11634 Dialogic Insufficiently Protected Credentials vulnerability in Dialogic Powermedia XMS 3.5

Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.

2.1
2018-07-02 CVE-2018-12896 Linux
Debian
Canonical
Integer Overflow OR Wraparound vulnerability in Linux Kernel

An issue was discovered in the Linux kernel through 4.17.3.

2.1
2018-07-02 CVE-2018-12893 XEN
Debian
An issue was discovered in Xen through 4.10.x.
2.1
2018-07-02 CVE-2018-13053 Linux
Canonical
Debian
Integer Overflow OR Wraparound vulnerability in Linux Kernel

The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.

2.1
2018-07-06 CVE-2017-2665 Mongodb
Redhat
Insufficiently Protected Credentials vulnerability in multiple products

The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user.

1.9
2018-07-03 CVE-2017-0913 Ubnt Incorrect Permission Assignment FOR Critical Resource vulnerability in Ubnt Ucrm

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system.

1.9