Vulnerability Summary for the Week of July 2, 2018
Released
Jul 09, 2018
Document ID
SB18-190
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no high vulnerabilities recorded this week. | ||||
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no medium vulnerabilities recorded this week. | ||||
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no low vulnerabilities recorded this week. | ||||
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adb -- broadband_gateways_and_routers | All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks. | 2018-07-06 | not yet calculated | CVE-2018-13110 MISC FULLDISC BUGTRAQ EXPLOIT-DB MISC |
| adb -- broadband_gateways_and_routers | All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP. | 2018-07-06 | not yet calculated | CVE-2018-13108 MISC FULLDISC BUGTRAQ EXPLOIT-DB MISC |
| adb -- broadband_gateways_and_routers | All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well. | 2018-07-06 | not yet calculated | CVE-2018-13109 MISC FULLDISC BUGTRAQ EXPLOIT-DB MISC |
| airties -- airties | Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. | 2018-07-05 | not yet calculated | CVE-2018-8738 EXPLOIT-DB MISC |
| angular -- redactor | Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. | 2018-07-05 | not yet calculated | CVE-2018-13339 MISC MISC |
| ansible -- ansible | Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. | 2018-07-02 | not yet calculated | CVE-2018-10855 REDHAT REDHAT REDHAT REDHAT CONFIRM |
| ansible -- ansible | In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | 2018-07-02 | not yet calculated | CVE-2018-10874 CONFIRM |
| anydesk -- anydesk | AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. | 2018-07-03 | not yet calculated | CVE-2018-13102 CONFIRM |
| apache -- cxf | It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks. | 2018-07-02 | not yet calculated | CVE-2018-8039 CONFIRM SECTRACK CONFIRM MLIST |
| apache -- cxf_fediz | Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. | 2018-07-05 | not yet calculated | CVE-2018-8038 CONFIRM SECTRACK CONFIRM MLIST |
| apache -- pdfbox | In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. | 2018-07-03 | not yet calculated | CVE-2018-8036 MLIST |
| apache -- solr | This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability. | 2018-07-05 | not yet calculated | CVE-2018-8026 CONFIRM MLIST |
| archive::zip -- archive::zip | perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. | 2018-06-29 | not yet calculated | CVE-2018-10860 BID CONFIRM UBUNTU UBUNTU |
| bedita -- bedita | An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI. | 2018-07-04 | not yet calculated | CVE-2015-9260 MISC MISC MISC |
| beescms -- beescms | In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. | 2018-07-05 | not yet calculated | CVE-2018-12739 MISC EXPLOIT-DB |
| bitcoin_core -- bitcoin_core | In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. | 2018-07-05 | not yet calculated | CVE-2016-10725 MISC MISC |
| bitcoin_core -- bitcoin_core | Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. | 2018-07-05 | not yet calculated | CVE-2016-10724 MISC MISC |
| buttle -- buttle | Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. | 2018-07-05 | not yet calculated | CVE-2018-3766 MISC |
| cinnamon -- cinnamon | An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content. | 2018-07-02 | not yet calculated | CVE-2018-13054 MISC MISC |
| clippercms -- clippercms | ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. | 2018-07-03 | not yet calculated | CVE-2018-13106 MISC |
| core -- ftp_le | Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response. | 2018-07-05 | not yet calculated | CVE-2018-12113 MISC MISC MISC |
| cyberark -- endpoint_privilege_manager | In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. | 2018-07-05 | not yet calculated | CVE-2018-13052 MISC |
| d-link -- dir-890l_a2_devices | An issue was discovered on D-Link DIR-890L A2 devices. Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point. | 2018-07-05 | not yet calculated | CVE-2018-12103 FULLDISC |
| damicms -- damicms | DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. | 2018-07-05 | not yet calculated | CVE-2018-13031 MISC EXPLOIT-DB |
| debian -- devscripts | scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. | 2018-07-01 | not yet calculated | CVE-2018-13043 MISC UBUNTU |
| deep-extend -- deep-extend | The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | 2018-07-03 | not yet calculated | CVE-2018-3750 MISC |
| deep-node -- deep-node | The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | 2018-07-03 | not yet calculated | CVE-2018-3749 MISC |
| dell_emc -- ecs | Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests. | 2018-07-03 | not yet calculated | CVE-2018-11052 FULLDISC BID |
| dell_emc -- idrac | Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server. | 2018-07-02 | not yet calculated | CVE-2018-1249 CONFIRM |
| dell_emc -- idrac | Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. | 2018-07-02 | not yet calculated | CVE-2018-1244 CONFIRM |
| dell_emc -- idrac | The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system. | 2018-07-02 | not yet calculated | CVE-2018-1212 CONFIRM |
| dell_emc -- idrac | Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks. | 2018-07-02 | not yet calculated | CVE-2018-1243 CONFIRM |
| dialogic -- powermedia_xms | Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service. | 2018-07-03 | not yet calculated | CVE-2018-11641 MISC |
| dialogic -- powermedia_xms | Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication. | 2018-07-03 | not yet calculated | CVE-2018-11635 MISC |
| dialogic -- powermedia_xms | Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext. | 2018-07-03 | not yet calculated | CVE-2018-11639 MISC |
| dialogic -- powermedia_xms | Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. | 2018-07-03 | not yet calculated | CVE-2018-11636 MISC |
| dialogic -- powermedia_xms | Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root. | 2018-07-03 | not yet calculated | CVE-2018-11637 MISC |
| dialogic -- powermedia_xms | XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). | 2018-07-03 | not yet calculated | CVE-2018-11640 MISC |
| dialogic -- powermedia_xms | SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. | 2018-07-03 | not yet calculated | CVE-2018-11643 MISC |
| dialogic -- powermedia_xms | Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. | 2018-07-03 | not yet calculated | CVE-2018-11638 MISC |
| dialogic -- powermedia_xms | Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. | 2018-07-03 | not yet calculated | CVE-2018-11642 MISC |
| dialogic -- powermedia_xms | Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db. | 2018-07-03 | not yet calculated | CVE-2018-11634 MISC |
dnn -- dnn | DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. | 2018-07-03 | not yet calculated | CVE-2017-0929 MISC |
| docker -- moby | The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | 2018-07-06 | not yet calculated | CVE-2018-10892 CONFIRM CONFIRM |
| dogtag -- dogtag_pki | Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences. | 2018-07-02 | not yet calculated | CVE-2018-1080 REDHAT CONFIRM CONFIRM CONFIRM |
| dongguan_diqee -- diqee360_devices | An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account. | 2018-07-05 | not yet calculated | CVE-2018-10987 MISC |
| dongguan_diqee -- diqee360_devices | An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname. | 2018-07-05 | not yet calculated | CVE-2018-10988 MISC |
| ecessa_shieldlink -- sl175ehq_devices | ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. | 2018-07-01 | not yet calculated | CVE-2018-13032 EXPLOIT-DB |
| entrust_datacard -- syntera_cs | Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | 2018-07-05 | not yet calculated | CVE-2018-13252 MISC |
| ethereum -- aichain_token | The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13175 MISC MISC |
| ethereum -- air-contact_token | The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13179 MISC MISC |
| ethereum -- alex_token | The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13162 MISC MISC |
| ethereum -- appcoins_token | The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13185 MISC MISC |
| ethereum -- assettoken | The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13158 MISC MISC |
| ethereum -- athleticoin_token | The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13166 MISC MISC |
| ethereum -- atlant_token | ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | 2018-07-03 | not yet calculated | CVE-2018-11429 MISC MISC |
| ethereum -- azuriontoken | The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13068 MISC |
| ethereum -- bankcoin_token | The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13159 MISC MISC |
| ethereum -- betcash_token | The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13076 MISC |
| ethereum -- bitotal_token | Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | 2018-07-03 | not yet calculated | CVE-2018-13130 MISC MISC |
| ethereum -- bittelux_token | The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. | 2018-07-05 | not yet calculated | CVE-2018-13326 MISC |
| ethereum -- bonustoken | The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13156 MISC MISC |
| ethereum -- bzxcoin_token | The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13172 MISC MISC |
| ethereum -- carbon_exchange_coin_token | The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13075 MISC |
| ethereum -- ccindex10_token | The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13071 MISC |
| ethereum -- chuchulingaigo_token | The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. | 2018-07-05 | not yet calculated | CVE-2018-13327 MISC |
| ethereum -- cibn_live_token | The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13187 MISC MISC |
| ethereum -- coffeecoin_token | The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13072 MISC |
| ethereum -- coinstar_token | The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13087 MISC |
| ethereum -- cointoken | The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13217 MISC MISC |
| ethereum -- cranoo_token | The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13195 MISC MISC |
| ethereum -- crowdnext_token | The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13228 MISC MISC |
| ethereum -- cryptoabs_token | The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13174 MISC MISC |
| ethereum -- cryptonitexcoin_token | The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13157 MISC MISC |
| ethereum -- ctb_token | The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13077 MISC |
| ethereum -- dateme_token | The sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13200 MISC MISC |
| ethereum -- destineed_token | The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13230 MISC MISC |
| ethereum -- dvchain_token | The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13190 MISC MISC |
| ethereum -- dychain_token | The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13069 MISC |
| ethereum -- easy_trading_token | The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. | 2018-07-03 | not yet calculated | CVE-2018-13113 MISC |
| ethereum -- ectoints_token | The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13178 MISC MISC |
| ethereum -- eliteshippertoken | The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13173 MISC MISC |
| ethereum -- encryptedtoken | The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13070 MISC |
| ethereum -- enter_token | The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13231 MISC MISC |
| ethereum -- enter_token | The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13232 MISC MISC |
| ethereum -- eppcoin_token | The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13164 MISC MISC |
| ethereum -- ethercash_token | The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13204 MISC MISC |
| ethereum -- ethereum_cash_pro_token | The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13169 MISC MISC |
| ethereum -- ethereumblack_token | The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13073 MISC |
| ethereum -- ethereumblack_token | The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13199 MISC |
| ethereum -- ethereumlegit_token | The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13212 MISC MISC |
| ethereum -- ethernet_cash_token | The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13163 MISC MISC |
| ethereum -- etherty_token | Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | 2018-07-03 | not yet calculated | CVE-2018-13128 MISC MISC |
| ethereum -- etktokens | The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13160 MISC MISC |
| ethereum -- extreme_coin_token | The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13221 MISC MISC |
| ethereum -- fibtoken | The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13074 MISC |
| ethereum -- freecoin_token | The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13085 MISC |
| ethereum -- futures_pease_token | The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13088 MISC |
| ethereum -- gemchain_token | The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13155 MISC |
| ethereum -- gmile_token | The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13214 MISC MISC |
| ethereum -- go_ethereum | The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. | 2018-07-04 | not yet calculated | CVE-2018-12018 MISC MISC MISC MISC |
| ethereum -- good_time_coin_token | The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13084 MISC |
| ethereum -- goodto_token | The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13079 MISC |
| ethereum -- goutex_token | The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13080 MISC |
| ethereum -- greenmed_token | The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13216 MISC MISC |
| ethereum -- growchain_token | The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. | 2018-07-05 | not yet calculated | CVE-2018-13325 MISC |
| ethereum -- gsi_token | The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13233 MISC MISC |
| ethereum -- gvtoken_genesis_vision | GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | 2018-07-03 | not yet calculated | CVE-2018-11335 MISC MISC |
| ethereum -- gzs_token | The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13081 MISC |
| ethereum -- hentaisolo_token | The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13193 MISC MISC |
| ethereum -- iadowr_coin_token | The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13086 MISC |
| ethereum -- ico_dollar_token | The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13218 MISC MISC |
| ethereum -- imm_coin_token | The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13180 MISC MISC |
| ethereum -- javaswaptest_token | The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow. | 2018-07-04 | not yet calculated | CVE-2018-13145 MISC |
| ethereum -- jitech_token | The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13078 MISC |
| ethereum -- jobscoin_token | The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13192 MISC MISC |
| ethereum -- justdcoin_token | The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13165 MISC MISC |
| ethereum -- jwc_token | The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13183 MISC MISC |
| ethereum -- ladatoken_token | The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13171 MISC MISC |
| ethereum -- lef_token | The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow. | 2018-07-04 | not yet calculated | CVE-2018-13146 MISC |
| ethereum -- link_platform_token | The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-01 | not yet calculated | CVE-2018-13041 MISC |
| ethereum -- loncoin_token | The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13182 MISC MISC |
| ethereum -- mavcash_token | The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13220 MISC MISC |
| ethereum -- miningrigrentals_token | The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13177 MISC MISC |
| ethereum -- mmtcoin_token | The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13186 MISC MISC |
| ethereum -- modi_token | The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13082 MISC |
| ethereum -- moneychainnet_token | The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13227 MISC MISC |
ethereum -- moneytree_token | The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13208 MISC MISC |
| ethereum -- moxyonepresale | MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | 2018-07-03 | not yet calculated | CVE-2018-13126 MISC MISC |
| ethereum -- multigames_token | The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13161 MISC MISC |
| ethereum -- mybo_token | The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13202 MISC MISC |
| ethereum -- mybo_token | The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13188 MISC MISC |
| ethereum -- mytoken | The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13211 MISC MISC |
| ethereum -- myylc_token | The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13225 MISC MISC |
| ethereum -- nectar_token | The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13209 MISC MISC |
| ethereum -- objecttoken_token | The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13222 MISC MISC |
| ethereum -- ohni_2_token | The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13205 MISC MISC |
| ethereum -- pandora_token | The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. | 2018-07-04 | not yet calculated | CVE-2018-13144 MISC |
| ethereum -- pfgc_token | The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. | 2018-07-05 | not yet calculated | CVE-2018-13328 MISC |
| ethereum -- plaza_token | The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13083 MISC |
| ethereum -- porncoin_token | The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13207 MISC MISC |
| ethereum -- providence_crypto_casino_token | The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13210 MISC MISC |
| ethereum -- providencecasino_token | The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13206 MISC MISC |
| ethereum -- r_time_token | The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13223 MISC MISC |
| ethereum -- reimburse_token | The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13092 MISC |
| ethereum -- ribtidecoin_token | The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13229 MISC MISC |
| ethereum -- sample_token | The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13215 MISC MISC |
| ethereum -- snoqualmie_coin_token | The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13170 MISC MISC |
| ethereum -- sp8de_presale_token | SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | 2018-07-03 | not yet calculated | CVE-2018-13127 MISC MISC |
| ethereum -- sp8de_token | SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | 2018-07-03 | not yet calculated | CVE-2018-13129 MISC |
| ethereum -- spadeico | Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | 2018-07-03 | not yet calculated | CVE-2018-13132 MISC MISC |
| ethereum -- spadepresale | SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | 2018-07-03 | not yet calculated | CVE-2018-13131 MISC MISC |
| ethereum -- stex_exchange_ico_token | The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13198 MISC MISC |
| ethereum -- sumocoin_token | The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13091 MISC |
| ethereum -- super_carbon_coin_token | The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13191 MISC MISC |
| ethereum -- swaptoken_token | The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13203 MISC MISC |
| ethereum -- t-swap-token | The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13196 MISC MISC |
| ethereum -- titok-ticket_token | The sell function of a smart contract implementation for TiTok - Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13201 MISC MISC |
| ethereum -- tongtong_coin_token | The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13194 MISC MISC |
| ethereum -- travelcoin_token | The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13213 MISC MISC |
| ethereum -- travelzedi_token | The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13184 MISC MISC |
| ethereum -- troo_token | The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13181 MISC MISC |
| ethereum -- trust_zen_token | The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13176 MISC MISC |
| ethereum -- universal_coin_token | The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13089 MISC |
| ethereum -- unolabo_token | The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13189 MISC MISC |
| ethereum -- virtual_energy_units_token | The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13224 MISC MISC |
| ethereum -- welfare_token_fund_token | The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13197 MISC MISC |
| ethereum -- yitongcoin_token | The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-02 | not yet calculated | CVE-2018-13090 MISC |
| ethereum -- ylctoken | The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13226 MISC MISC |
| ethereum -- yourcoin_token | The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 2018-07-04 | not yet calculated | CVE-2018-13219 MISC MISC |
| ethereum -- yu_gi_oh_token | The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13168 MISC MISC |
| ethereum -- yu_gi_oh_token | The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-04 | not yet calculated | CVE-2018-13167 MISC MISC |
| fast-cpp-csv-parser -- fast-cpp-csv-parser | Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h. | 2018-07-07 | not yet calculated | CVE-2018-13421 MISC |
| ffmpeg -- ffmpeg | In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | 2018-07-05 | not yet calculated | CVE-2018-13301 MISC |
| ffmpeg -- ffmpeg | In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. | 2018-07-05 | not yet calculated | CVE-2018-13304 MISC |
| ffmpeg -- ffmpeg | In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. | 2018-07-05 | not yet calculated | CVE-2018-13302 MISC |
| ffmpeg -- ffmpeg | In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. | 2018-07-05 | not yet calculated | CVE-2018-13305 MISC |
| ffmpeg -- ffmpeg | In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. | 2018-07-05 | not yet calculated | CVE-2018-13303 MISC |
| ffmpeg -- ffmpeg | In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. | 2018-07-05 | not yet calculated | CVE-2018-13300 MISC |
| fortinet -- fortios | An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | 2018-07-05 | not yet calculated | CVE-2018-9185 BID SECTRACK CONFIRM |
| gitlab -- community_and_enterprise_editions | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. | 2018-07-03 | not yet calculated | CVE-2017-0921 MISC |
gitlab -- community_and_enterprise_editions | GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. | 2018-07-03 | not yet calculated | CVE-2017-0919 MISC |
| glance -- glance | There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name. | 2018-07-03 | not yet calculated | CVE-2018-3748 MISC |
| gleez_cms -- gleez_cms | Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. | 2018-07-05 | not yet calculated | CVE-2018-13340 MISC |
| glpi -- glpi | The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. | 2018-07-02 | not yet calculated | CVE-2018-13049 CONFIRM |
| gnu -- binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. | 2018-07-01 | not yet calculated | CVE-2018-13033 BID MISC |
| golang -- go_doc_dot_org | In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution. | 2018-07-05 | not yet calculated | CVE-2018-12976 CONFIRM MLIST |
| golden_frog -- vyprvpn | Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows. | 2018-07-04 | not yet calculated | CVE-2018-13133 MISC MISC |
| htcondor -- htcondor | The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions. | 2018-07-05 | not yet calculated | CVE-2017-16816 CONFIRM MLIST |
| huawei -- emily-al00a_smart_phones | Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally. | 2018-07-05 | not yet calculated | CVE-2018-7944 CONFIRM |
| huawei -- mate_9_pro_smart_phones | Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages. | 2018-07-02 | not yet calculated | CVE-2017-17175 CONFIRM |
| huawei -- multiple_devices | Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal. | 2018-07-02 | not yet calculated | CVE-2017-17317 CONFIRM |
| huawei -- multiple_devices | Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part (SCCP) messages to the target devices. Due to insufficient input validation of some values in the messages, successful exploit will cause out-of-bounds read and some services abnormal. | 2018-07-02 | not yet calculated | CVE-2017-17316 CONFIRM |
| ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650. | 2018-07-06 | not yet calculated | CVE-2018-1546 XF CONFIRM |
| ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141097. | 2018-07-06 | not yet calculated | CVE-2018-1494 CONFIRM XF |
| ibm -- filenet_content_manager | IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142893. | 2018-07-06 | not yet calculated | CVE-2018-1556 CONFIRM SECTRACK XF |
| ibm -- filenet_content_manager | IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892. | 2018-07-06 | not yet calculated | CVE-2018-1555 CONFIRM SECTRACK XF |
ibm -- jazz_foundation | IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719. | 2018-07-06 | not yet calculated | CVE-2017-1509 XF CONFIRM |
ibm -- jazz_foundation | An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627. | 2018-07-06 | not yet calculated | CVE-2017-1488 XF CONFIRM |
ibm -- jazz_foundation | IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355. | 2018-07-06 | not yet calculated | CVE-2017-1237 XF CONFIRM |
| ibm -- multiple_products | IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 142597. | 2018-07-06 | not yet calculated | CVE-2018-1542 CONFIRM SECTRACK XF |
| ibm -- planning_analytics | IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118. | 2018-07-06 | not yet calculated | CVE-2018-1676 CONFIRM XF |
| ibm -- quality_manager | IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231. | 2018-07-06 | not yet calculated | CVE-2017-1329 CONFIRM XF |
| ibm -- quality_manager | IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628. | 2018-07-06 | not yet calculated | CVE-2017-1248 CONFIRM XF |
| ibm -- quality_manager | IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524. | 2018-07-06 | not yet calculated | CVE-2017-1242 CONFIRM XF |
| ibm -- quality_manager | IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357. | 2018-07-06 | not yet calculated | CVE-2017-1239 CONFIRM XF |
| ibm -- quality_manager | IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356. | 2018-07-06 | not yet calculated | CVE-2017-1238 CONFIRM XF |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132493. | 2018-07-03 | not yet calculated | CVE-2017-1592 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131778. | 2018-07-03 | not yet calculated | CVE-2017-1568 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131765. | 2018-07-03 | not yet calculated | CVE-2017-1565 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131760. | 2018-07-03 | not yet calculated | CVE-2017-1561 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161. | 2018-07-03 | not yet calculated | CVE-2017-1299 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752. | 2018-07-03 | not yet calculated | CVE-2017-1277 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066. | 2018-07-03 | not yet calculated | CVE-2017-1691 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131764. | 2018-07-03 | not yet calculated | CVE-2017-1564 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729. | 2018-07-03 | not yet calculated | CVE-2017-1317 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065. | 2018-07-03 | not yet calculated | CVE-2017-1690 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724. | 2018-07-03 | not yet calculated | CVE-2017-1313 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155. | 2018-07-03 | not yet calculated | CVE-2017-1294 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263. | 2018-07-03 | not yet calculated | CVE-2017-1652 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154. | 2018-07-03 | not yet calculated | CVE-2017-1293 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630. | 2018-07-03 | not yet calculated | CVE-2017-1250 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759. | 2018-07-03 | not yet calculated | CVE-2017-1281 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928. | 2018-07-03 | not yet calculated | CVE-2017-1608 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750. | 2018-07-03 | not yet calculated | CVE-2017-1275 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460. | 2018-07-03 | not yet calculated | CVE-2017-1306 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261. | 2018-07-03 | not yet calculated | CVE-2017-1651 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125728. | 2018-07-03 | not yet calculated | CVE-2017-1316 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758. | 2018-07-03 | not yet calculated | CVE-2017-1280 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727. | 2018-07-03 | not yet calculated | CVE-2017-1315 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796. | 2018-07-03 | not yet calculated | CVE-2017-1717 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133088. | 2018-07-03 | not yet calculated | CVE-2017-1621 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723. | 2018-07-03 | not yet calculated | CVE-2017-1312 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761. | 2018-07-03 | not yet calculated | CVE-2017-1562 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134637. | 2018-07-03 | not yet calculated | CVE-2017-1715 XF CONFIRM |
| ibm -- quality_manager_and_rational_collaborative_lifecycle_management | IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725. | 2018-07-03 | not yet calculated | CVE-2017-1314 XF CONFIRM |
| ibm -- rational_products | Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758. | 2018-07-06 | not yet calculated | CVE-2017-1559 XF CONFIRM |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346. | 2018-07-06 | not yet calculated | CVE-2018-1621 CONFIRM SECTRACK XF |
| ibm -- websphere_mq | IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042. | 2018-07-06 | not yet calculated | CVE-2017-1795 CONFIRM XF |
| imagemagick -- imagemagick | In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. | 2018-07-04 | not yet calculated | CVE-2018-13153 SECTRACK CONFIRM |
| intex -- n150_devices | An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it. | 2018-07-02 | not yet calculated | CVE-2018-12528 MISC EXPLOIT-DB |
| intex -- n150_devices | An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. | 2018-07-02 | not yet calculated | CVE-2018-12529 MISC EXPLOIT-DB |
| invoiceplane -- invoiceplane | An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field. | 2018-07-03 | not yet calculated | CVE-2018-12255 MISC MISC |
j2_innovations -- fin_stack | In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /auth/ariosa/login. | 2018-07-05 | not yet calculated | CVE-2017-11175 MISC |
| jirafeau -- jirafeau | A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. | 2018-07-06 | not yet calculated | CVE-2018-13407 MISC |
| jirafeau -- jirafeau | script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter. | 2018-07-07 | not yet calculated | CVE-2018-11351 MISC |
| jirafeau -- jirafeau | An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | 2018-07-06 | not yet calculated | CVE-2018-13409 MISC |
| jirafeau -- jirafeau | An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | 2018-07-06 | not yet calculated | CVE-2018-13408 MISC |
| jirafeau -- jirafeau | The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. | 2018-07-07 | not yet calculated | CVE-2018-11349 MISC |
| jirafeau -- jirafeau | An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter. | 2018-07-07 | not yet calculated | CVE-2018-11350 MISC |
| jpeg-compressor -- jpeg-compressor | An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact. | 2018-07-01 | not yet calculated | CVE-2018-13037 MISC MISC |
| libming -- libming | libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | 2018-07-05 | not yet calculated | CVE-2018-13250 MISC |
| libming -- libming | In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. | 2018-07-05 | not yet calculated | CVE-2018-13251 MISC |
| libming -- libming | There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, parseSWF_DEFINESPRITE, parseSWF_DEFINETEXT, parseSWF_DOACTION, parseSWF_FILLSTYLEARRAY, parseSWF_FRAMELABEL, parseSWF_LINESTYLEARRAY, parseSWF_PLACEOBJECT2, or parseSWF_SHAPEWITHSTYLE. | 2018-07-02 | not yet calculated | CVE-2018-13066 MISC |
| libsndfile -- libsndfile | An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. | 2018-07-07 | not yet calculated | CVE-2018-13419 MISC |
| libsndfile -- libsndfile | A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. | 2018-07-04 | not yet calculated | CVE-2018-13139 MISC |
| libsoup -- libsoup | soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup allows attackers to have unspecified impact via an empty hostname. | 2018-07-05 | not yet calculated | CVE-2018-12910 CONFIRM MLIST FEDORA UBUNTU DEBIAN |
| linux -- linux_kernel | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image. | 2018-07-03 | not yet calculated | CVE-2018-13096 MISC MISC |
| linux -- linux_kernel | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. | 2018-07-03 | not yet calculated | CVE-2018-13100 BID MISC MISC |
| linux -- linux_kernel | The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. | 2018-07-06 | not yet calculated | CVE-2018-13405 MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. | 2018-07-03 | not yet calculated | CVE-2018-13094 MISC MISC MISC |
| linux -- linux_kernel | The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. | 2018-07-02 | not yet calculated | CVE-2018-13053 BID MISC MISC |
| linux -- linux_kernel | An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. | 2018-07-03 | not yet calculated | CVE-2018-13099 BID MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. | 2018-07-03 | not yet calculated | CVE-2018-13095 MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. | 2018-07-03 | not yet calculated | CVE-2018-13093 MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG). | 2018-07-03 | not yet calculated | CVE-2018-13097 MISC MISC |
| linux -- linux_kernel | An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. | 2018-07-06 | not yet calculated | CVE-2018-13406 MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls. | 2018-07-02 | not yet calculated | CVE-2018-12896 MISC MISC MISC |
| linux -- linux_kernel | An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. | 2018-07-03 | not yet calculated | CVE-2018-13098 MISC MISC |
| medtronic -- 2090_carelink_programmer | Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications. | 2018-07-02 | not yet calculated | CVE-2018-10596 MISC |
| medtronic -- mycarelink_patient_monitor_and_mycarelink_monitor | Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. | 2018-07-02 | not yet calculated | CVE-2018-8868 MISC |
| medtronic -- mycarelink_patient_monitor_and_mycarelink_monitor | Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. | 2018-07-02 | not yet calculated | CVE-2018-8870 MISC |
| memjs -- memjs | `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. | 2018-07-05 | not yet calculated | CVE-2018-3767 MISC |
| mercurial -- mercurial | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. | 2018-07-05 | not yet calculated | CVE-2018-13348 MISC MISC |
| mercurial -- mercurial | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | 2018-07-05 | not yet calculated | CVE-2018-13347 MISC MISC MISC |
| mercurial -- mercurial | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | 2018-07-05 | not yet calculated | CVE-2018-13346 MISC MISC |
| merge-objects -- merge-objects | The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | 2018-07-03 | not yet calculated | CVE-2018-3753 MISC |
| merge-options -- merge-options | The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | 2018-07-03 | not yet calculated | CVE-2018-3752 MISC |
| merge-recursive -- merge-recursive | The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. | 2018-07-03 | not yet calculated | CVE-2018-3751 MISC |
| microsoft -- forefront_unified_access_gateway | uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. | 2018-07-05 | not yet calculated | CVE-2018-12571 MISC FULLDISC FULLDISC SECTRACK |
| mongodb -- skyring_database | The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text. | 2018-07-06 | not yet calculated | CVE-2017-2665 BID CONFIRM |
| motorola -- mbp853_firmware | The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate. | 2018-07-02 | not yet calculated | CVE-2018-12499 MISC |
| naver -- whale_browser | Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name. | 2018-07-03 | not yet calculated | CVE-2018-7635 MISC |
| nextcloud -- calendar | In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | 2018-07-05 | not yet calculated | CVE-2018-3763 CONFIRM |
| nextcloud -- contacts | In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | 2018-07-05 | not yet calculated | CVE-2018-3764 CONFIRM |
| nextcloud -- server | Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. | 2018-07-05 | not yet calculated | CVE-2018-3761 MISC CONFIRM |
| nextcloud -- server | Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | 2018-07-05 | not yet calculated | CVE-2018-3762 MISC CONFIRM |
| ntopng -- ntopng | An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access. | 2018-07-05 | not yet calculated | CVE-2018-12520 FULLDISC MISC CONFIRM EXPLOIT-DB |
| omeka -- omeka | admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. | 2018-07-07 | not yet calculated | CVE-2018-13423 MISC MISC |
| onefilecms -- onefilecms | onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI. | 2018-07-03 | not yet calculated | CVE-2018-13122 MISC |
| onefilecms -- onefilecms | onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. | 2018-07-03 | not yet calculated | CVE-2018-13123 MISC |
| onos -- onos | Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. | 2018-07-05 | not yet calculated | CVE-2018-12691 CONFIRM CONFIRM |
| open-xchange -- ox_app_suite | Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks. | 2018-07-05 | not yet calculated | CVE-2018-9998 FULLDISC SECTRACK |
| open-xchange -- ox_app_suite | Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. | 2018-07-05 | not yet calculated | CVE-2018-9997 FULLDISC SECTRACK |
| opencart -- opencart | /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. | 2018-07-02 | not yet calculated | CVE-2018-13067 MISC |
| openshift -- container_platform | source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user. | 2018-07-02 | not yet calculated | CVE-2018-10843 REDHAT CONFIRM |
| opensid -- opensid | OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. | 2018-07-01 | not yet calculated | CVE-2018-13040 MISC |
| opensid -- opensid | OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI. | 2018-07-01 | not yet calculated | CVE-2018-13039 MISC |
| opensid -- opensid | OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type. | 2018-07-01 | not yet calculated | CVE-2018-13038 MISC |
| opmantek -- open-audit_community | Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. | 2018-07-06 | not yet calculated | CVE-2018-11124 MISC |
| paessler -- prtg_network_monitor | An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios. | 2018-07-02 | not yet calculated | CVE-2018-9276 MISC BUGTRAQ |
| pan-os -- pan-os | The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. | 2018-07-03 | not yet calculated | CVE-2018-9334 CONFIRM |
| pan-os -- pan-os | The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | 2018-07-03 | not yet calculated | CVE-2018-7636 SECTRACK CONFIRM |
| pan-os -- pan-os | The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | 2018-07-03 | not yet calculated | CVE-2018-9242 CONFIRM |
| pan-os -- pan-os | The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | 2018-07-03 | not yet calculated | CVE-2018-9335 BID CONFIRM |
| pan-os -- pan-os | The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | 2018-07-03 | not yet calculated | CVE-2018-9337 BID CONFIRM |
| podman -- podman | It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container. | 2018-07-02 | not yet calculated | CVE-2018-10856 REDHAT CONFIRM CONFIRM |
| public -- public | The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript. | 2018-07-03 | not yet calculated | CVE-2018-3747 MISC |
| puppet -- discovery | In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery. | 2018-07-03 | not yet calculated | CVE-2018-11746 CONFIRM |
qemu -- qemu | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. | 2018-07-02 | not yet calculated | CVE-2017-2615 REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT REDHAT MLIST BID SECTRACK CONFIRM MLIST GENTOO GENTOO CONFIRM |
qualcomm -- android | The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear. | 2018-07-06 | not yet calculated | CVE-2018-5892 CONFIRM |
| qualcomm -- android | Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-07-06 | not yet calculated | CVE-2018-5907 |
| qualcomm -- android | Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-5898 CONFIRM |
| qualcomm -- android | In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur. | 2018-07-06 | not yet calculated | CVE-2018-5862 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition. | 2018-07-06 | not yet calculated | CVE-2018-5853 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear. | 2018-07-06 | not yet calculated | CVE-2018-5885 CONFIRM |
| qualcomm -- android | In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition. | 2018-07-06 | not yet calculated | CVE-2018-5831 CONFIRM CONFIRM CONFIRM |
qualcomm -- android | Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. | 2018-07-06 | not yet calculated | CVE-2018-11257 CONFIRM |
qualcomm -- android | Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845. | 2018-07-06 | not yet calculated | CVE-2017-11088 CONFIRM |
| qualcomm -- android | While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-5887 CONFIRM CONFIRM |
| qualcomm -- android | While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur. | 2018-07-06 | not yet calculated | CVE-2018-5855 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | While processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-3577 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-07-06 | not yet calculated | CVE-2018-3586 MISC |
| qualcomm -- android | In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access. | 2018-07-06 | not yet calculated | CVE-2018-5836 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-5835 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur. | 2018-07-06 | not yet calculated | CVE-2018-5858 CONFIRM CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur. | 2018-07-06 | not yet calculated | CVE-2018-5859 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur. | 2018-07-06 | not yet calculated | CVE-2018-3597 CONFIRM CONFIRM |
| qualcomm -- android | Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2017-15856 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied. | 2018-07-06 | not yet calculated | CVE-2018-5896 CONFIRM |
qualcomm -- android | In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20. | 2018-07-06 | not yet calculated | CVE-2018-11258 CONFIRM |
| qualcomm -- android | While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 2018-07-06 | not yet calculated | CVE-2018-5874 CONFIRM |
| qualcomm -- android | Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur. | 2018-07-06 | not yet calculated | CVE-2018-5832 CONFIRM CONFIRM |
| qualcomm -- android | While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-5889 CONFIRM CONFIRM |
qualcomm -- android | While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 2018-07-06 | not yet calculated | CVE-2018-5875 CONFIRM |
| qualcomm -- android | While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur. | 2018-07-06 | not yet calculated | CVE-2018-5865 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur. | 2018-07-06 | not yet calculated | CVE-2018-5893 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed. | 2018-07-06 | not yet calculated | CVE-2018-5886 CONFIRM CONFIRM |
qualcomm -- android | Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. | 2018-07-06 | not yet calculated | CVE-2018-11259 CONFIRM |
| qualcomm -- android | While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur. | 2018-07-06 | not yet calculated | CVE-2018-5864 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2017-14893 CONFIRM CONFIRM |
| qualcomm -- android | Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. | 2018-07-06 | not yet calculated | CVE-2018-5884 CONFIRM |
| qualcomm -- android | In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference. | 2018-07-06 | not yet calculated | CVE-2018-3570 MISC MISC |
| qualcomm -- android | In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails. | 2018-07-06 | not yet calculated | CVE-2018-3564 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 2018-07-06 | not yet calculated | CVE-2018-5878 CONFIRM |
| qualcomm -- android | While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-5897 CONFIRM |
| qualcomm -- android | In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-5834 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-5895 CONFIRM CONFIRM |
| qualcomm -- android | Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images. | 2018-07-06 | not yet calculated | CVE-2017-18158 CONFIRM CONFIRM |
| qualcomm -- android | In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free. | 2018-07-06 | not yet calculated | CVE-2018-5899 CONFIRM CONFIRM |
| qualcomm -- android | If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-5890 CONFIRM CONFIRM |
| qualcomm -- android | While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 2018-07-06 | not yet calculated | CVE-2018-5876 CONFIRM |
| qualcomm -- android | While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-5888 CONFIRM CONFIRM |
| qualcomm -- android | Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel | 2018-07-06 | not yet calculated | CVE-2017-15851 MISC MISC |
qualcomm -- android | While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear. | 2018-07-06 | not yet calculated | CVE-2018-5891 CONFIRM |
| qualcomm -- android | Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur. | 2018-07-06 | not yet calculated | CVE-2018-5894 CONFIRM |
qualcomm -- android | While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | 2018-07-06 | not yet calculated | CVE-2018-5882 CONFIRM |
| qualcomm -- android | An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. | 2018-07-06 | not yet calculated | CVE-2018-5873 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer over-read can potentially occur. | 2018-07-06 | not yet calculated | CVE-2018-5829 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur. | 2018-07-06 | not yet calculated | CVE-2017-18159 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-07-06 | not yet calculated | CVE-2018-11304 |
| qualcomm -- android | While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-5830 CONFIRM CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory. | 2018-07-06 | not yet calculated | CVE-2017-15824 CONFIRM |
| qualcomm -- android | In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur. | 2018-07-06 | not yet calculated | CVE-2018-3587 CONFIRM CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur. | 2018-07-06 | not yet calculated | CVE-2018-5872 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. | 2018-07-06 | not yet calculated | CVE-2018-5838 CONFIRM |
| qualcomm -- android | A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2018-3569 CONFIRM CONFIRM CONFIRM |
| qualcomm -- android | While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | 2018-07-06 | not yet calculated | CVE-2017-14872 CONFIRM CONFIRM |
| query-mysql -- query-mysql | Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database. | 2018-07-03 | not yet calculated | CVE-2018-3754 MISC |
| rails_admin -- rails_admin | rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. | 2018-07-05 | not yet calculated | CVE-2016-10522 CONFIRM MISC MISC |
realnetworks -- realoneplayer | RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file. | 2018-07-03 | not yet calculated | CVE-2018-13121 MISC |
| red_hat -- openshift | In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster. | 2018-07-05 | not yet calculated | CVE-2018-10885 CONFIRM |
| red_hat-- fedora_and_enterprise_linux | setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system. | 2018-07-02 | not yet calculated | CVE-2018-1113 CONFIRM |
| redswimmer -- kiosksimple | KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries. | 2018-07-03 | not yet calculated | CVE-2018-13101 MISC |
| roku -- roku_and_roku_tv_products | The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. | 2018-07-03 | not yet calculated | CVE-2018-11314 MISC MISC |
| rsa -- certificate_manager | RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. | 2018-07-03 | not yet calculated | CVE-2018-11051 FULLDISC SECTRACK |
| ruby-grape -- ruby-grape | ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter. | 2018-07-05 | not yet calculated | CVE-2018-3769 CONFIRM CONFIRM CONFIRM |
| schneider_electric -- evlink_charging_station | In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users. | 2018-07-03 | not yet calculated | CVE-2018-7778 CONFIRM |
| schneider_electric -- pelco_sarix_professional_cameras | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation. | 2018-07-03 | not yet calculated | CVE-2018-7781 CONFIRM |
| schneider_electric -- pelco_sarix_professional_cameras | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. | 2018-07-03 | not yet calculated | CVE-2018-7782 CONFIRM |
| schneider_electric -- pelco_sarix_professional_cameras | In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set". | 2018-07-03 | not yet calculated | CVE-2018-7780 CONFIRM |
| schneider_electric -- somachine_basic | Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file. | 2018-07-03 | not yet calculated | CVE-2018-7783 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter. | 2018-07-03 | not yet calculated | CVE-2018-7767 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter. | 2018-07-03 | not yet calculated | CVE-2018-7765 CONFIRM |
| schneider_electric -- u.motion_builder | In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. | 2018-07-03 | not yet calculated | CVE-2018-7786 BID CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability. | 2018-07-03 | not yet calculated | CVE-2018-7763 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. | 2018-07-03 | not yet calculated | CVE-2018-7769 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet. | 2018-07-03 | not yet calculated | CVE-2018-7764 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address. | 2018-07-03 | not yet calculated | CVE-2018-7770 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter. | 2018-07-03 | not yet calculated | CVE-2018-7774 CONFIRM |
| schneider_electric -- u.motion_builder | In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application. | 2018-07-03 | not yet calculated | CVE-2018-7784 BID CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter. | 2018-07-03 | not yet calculated | CVE-2018-7768 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. | 2018-07-03 | not yet calculated | CVE-2018-7766 CONFIRM |
| schneider_electric -- u.motion_builder | In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. | 2018-07-03 | not yet calculated | CVE-2018-7785 BID CONFIRM |
| schneider_electric -- u.motion_builder | In Schneider Electric U.motion Builder software versions prior to v1.3.4, malicious clients can upload and cause the smbd server to execute a shared library from a writable share. | 2018-07-03 | not yet calculated | CVE-2018-7777 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data. | 2018-07-03 | not yet calculated | CVE-2018-7775 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter. | 2018-07-03 | not yet calculated | CVE-2018-7773 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree. | 2018-07-03 | not yet calculated | CVE-2018-7771 CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request. | 2018-07-03 | not yet calculated | CVE-2018-7772 CONFIRM |
| schneider_electric -- u.motion_builder | In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. | 2018-07-03 | not yet calculated | CVE-2018-7787 BID CONFIRM |
| schneider_electric -- u.motion_builder | The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. | 2018-07-03 | not yet calculated | CVE-2018-7776 CONFIRM |
| schneider_electric -- wiser_for_knx | In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. | 2018-07-03 | not yet calculated | CVE-2018-7779 CONFIRM |
| sencha -- ext_js | The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data. | 2018-07-05 | not yet calculated | CVE-2018-8046 CONFIRM FULLDISC |
| siemens -- siclock | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users. | 2018-07-03 | not yet calculated | CVE-2018-4856 BID CONFIRM |
| siemens -- siclock | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system. | 2018-07-03 | not yet calculated | CVE-2018-4854 BID CONFIRM |
| siemens -- siclock | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed. | 2018-07-03 | not yet calculated | CVE-2018-4851 BID CONFIRM |
| siemens -- siclock | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device. | 2018-07-03 | not yet calculated | CVE-2018-4852 BID CONFIRM |
| siemens -- siclock | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device. | 2018-07-03 | not yet calculated | CVE-2018-4853 BID CONFIRM |
| siemens -- siclock | A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. | 2018-07-03 | not yet calculated | CVE-2018-4855 BID CONFIRM |
| singularity -- singularity | Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features. | 2018-07-05 | not yet calculated | CVE-2018-12021 CONFIRM |
| sonos -- wireless_speaker_products | The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. | 2018-07-03 | not yet calculated | CVE-2018-11316 MISC MISC |
| synology -- carddav_server | Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | 2018-07-05 | not yet calculated | CVE-2018-8928 CONFIRM |
| synology -- synology_ssl_vpn_client | Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload. | 2018-07-06 | not yet calculated | CVE-2018-8929 CONFIRM |
| synology -- universal_search | Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | 2018-07-05 | not yet calculated | CVE-2017-16773 CONFIRM |
| tcexam -- tcexam | TCExam before 14.1.2 has XSS via an ff_ or xl_ field. | 2018-07-07 | not yet calculated | CVE-2018-13422 MISC |
| tcpreplay -- tcpreplay | get_l2len in common/get.c in Tcpreplay 4.3.0 beta 1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep. | 2018-07-03 | not yet calculated | CVE-2018-13112 MISC |
| tp-link -- archer_c1200_wireless_router | TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. | 2018-07-04 | not yet calculated | CVE-2018-13134 MISC |
| tp-link -- tl-wr841n_devices | The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. | 2018-07-02 | not yet calculated | CVE-2018-12577 MISC |
| tp-link -- tl-wr841n_devices | CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | 2018-07-02 | not yet calculated | CVE-2018-12574 MISC |
| tp-link -- tl-wr841n_devices | TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | 2018-07-02 | not yet calculated | CVE-2018-12576 MISC |
| tp-link -- tl-wr841n_devices | On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. | 2018-07-02 | not yet calculated | CVE-2018-12575 MISC |
| trackr -- trackr_bravo | Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | 2018-07-06 | not yet calculated | CVE-2016-6540 BID MISC CERT-VN MISC |
| trackr -- trackr_bravo | The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | 2018-07-06 | not yet calculated | CVE-2016-6539 BID MISC CERT-VN MISC |
| trackr -- trackr_bravo | TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | 2018-07-06 | not yet calculated | CVE-2016-6541 BID MISC CERT-VN MISC |
| trackr -- trackr_bravo | The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | 2018-07-06 | not yet calculated | CVE-2016-6538 BID MISC CERT-VN MISC |
| trend_micro -- maximum_security_2018 | A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | 2018-07-06 | not yet calculated | CVE-2018-3608 MISC MISC |
| ubiquiti -- ucrm | Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization". | 2018-07-03 | not yet calculated | CVE-2017-0913 MISC MISC |
| ubiquiti -- ucrm | Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling". | 2018-07-03 | not yet calculated | CVE-2017-0912 MISC |
| wordpress -- wordpress | The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type. | 2018-07-02 | not yet calculated | CVE-2018-12426 MISC MISC |
| wordpress -- wordpress | The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | 2018-07-04 | not yet calculated | CVE-2018-13136 MISC MISC |
| xapian -- xapian-core | A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). | 2018-07-02 | not yet calculated | CVE-2018-0499 CONFIRM CONFIRM |
| xen -- xen | An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability. | 2018-07-02 | not yet calculated | CVE-2018-12891 MLIST BID SECTRACK CONFIRM CONFIRM DEBIAN |
| xen -- xen | An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. | 2018-07-02 | not yet calculated | CVE-2018-12893 MLIST BID SECTRACK CONFIRM CONFIRM CONFIRM DEBIAN |
| xen -- xen | An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line. | 2018-07-02 | not yet calculated | CVE-2018-12892 MLIST BID SECTRACK CONFIRM DEBIAN |
| zoho -- manageengine_applications_manager | A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x via the j_username parameter in a /j_security_check POST request. | 2018-07-02 | not yet calculated | CVE-2018-13050 MISC |
| zoho -- manageengine_eventlog_analyzer | An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard). | 2018-07-02 | not yet calculated | CVE-2018-10076 CONFIRM |
| zoho -- manageengine_eventlog_analyzer | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. | 2018-07-02 | not yet calculated | CVE-2018-10075 CONFIRM |
| zzcms -- zzcms | /user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. | 2018-07-03 | not yet calculated | CVE-2018-13116 MISC |
| zzcms -- zzcms | An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock. | 2018-07-02 | not yet calculated | CVE-2018-13056 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.