본문 바로가기
IT 와 Social 이야기

[US-CERT: Bulletin(SB18-190)] 2018년 7월 2일까지 발표된 보안 취약점

by manga0713 2018. 7. 10.

 

 

 

 

*** 출처: [US-CERT: Bulletin(SB18-190)] 2018년 7월 2일까지 발표된 보안 취약점

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.
Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no medium vulnerabilities recorded this week.
Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.
Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adb -- broadband_gateways_and_routers All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks. 2018-07-06 not yet calculated CVE-2018-13110
MISC(link is external)
FULLDISC
BUGTRAQ(link is external)
EXPLOIT-DB(link is external)
MISC(link is external)
adb -- broadband_gateways_and_routers All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP. 2018-07-06 not yet calculated CVE-2018-13108
MISC(link is external)
FULLDISC
BUGTRAQ(link is external)
EXPLOIT-DB(link is external)
MISC(link is external)
adb -- broadband_gateways_and_routers
 
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well. 2018-07-06 not yet calculated CVE-2018-13109
MISC(link is external)
FULLDISC
BUGTRAQ(link is external)
EXPLOIT-DB(link is external)
MISC(link is external)
airties -- airties
 
Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. 2018-07-05 not yet calculated CVE-2018-8738
EXPLOIT-DB(link is external)
MISC(link is external)
angular -- redactor Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. 2018-07-05 not yet calculated CVE-2018-13339
MISC(link is external)
MISC(link is external)
ansible -- ansible
 
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. 2018-07-02 not yet calculated CVE-2018-10855
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
CONFIRM(link is external)
ansible -- ansible
 
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. 2018-07-02 not yet calculated CVE-2018-10874
CONFIRM(link is external)
anydesk -- anydesk
 
AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. 2018-07-03 not yet calculated CVE-2018-13102
CONFIRM(link is external)
apache -- cxf It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks. 2018-07-02 not yet calculated CVE-2018-8039
CONFIRM
SECTRACK(link is external)
CONFIRM(link is external)
MLIST
apache -- cxf_fediz Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. 2018-07-05 not yet calculated CVE-2018-8038
CONFIRM
SECTRACK(link is external)
CONFIRM(link is external)
MLIST
apache -- pdfbox In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. 2018-07-03 not yet calculated CVE-2018-8036
MLIST
apache -- solr
 
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability. 2018-07-05 not yet calculated CVE-2018-8026
CONFIRM
MLIST
archive::zip -- archive::zip
 
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. 2018-06-29 not yet calculated CVE-2018-10860
BID(link is external)
CONFIRM(link is external)
UBUNTU(link is external)
UBUNTU(link is external)
bedita -- bedita
 
An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI. 2018-07-04 not yet calculated CVE-2015-9260
MISC(link is external)
MISC(link is external)
MISC(link is external)
beescms -- beescms In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. 2018-07-05 not yet calculated CVE-2018-12739
MISC(link is external)
EXPLOIT-DB(link is external)
bitcoin_core -- bitcoin_core In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. 2018-07-05 not yet calculated CVE-2016-10725
MISC(link is external)
MISC
bitcoin_core -- bitcoin_core
 
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. 2018-07-05 not yet calculated CVE-2016-10724
MISC(link is external)
MISC
buttle -- buttle Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. 2018-07-05 not yet calculated CVE-2018-3766
MISC(link is external)
cinnamon -- cinnamon
 
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content. 2018-07-02 not yet calculated CVE-2018-13054
MISC(link is external)
MISC(link is external)
clippercms -- clippercms
 
ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. 2018-07-03 not yet calculated CVE-2018-13106
MISC(link is external)
core -- ftp_le Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response. 2018-07-05 not yet calculated CVE-2018-12113
MISC(link is external)
MISC(link is external)
MISC(link is external)
cyberark -- endpoint_privilege_manager In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. 2018-07-05 not yet calculated CVE-2018-13052
MISC(link is external)
d-link -- dir-890l_a2_devices An issue was discovered on D-Link DIR-890L A2 devices. Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point. 2018-07-05 not yet calculated CVE-2018-12103
FULLDISC
damicms -- damicms
 
DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. 2018-07-05 not yet calculated CVE-2018-13031
MISC(link is external)
EXPLOIT-DB(link is external)
debian -- devscripts
 
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. 2018-07-01 not yet calculated CVE-2018-13043
MISC
UBUNTU(link is external)
deep-extend -- deep-extend The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. 2018-07-03 not yet calculated CVE-2018-3750
MISC(link is external)
deep-node -- deep-node The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. 2018-07-03 not yet calculated CVE-2018-3749
MISC(link is external)
dell_emc -- ecs Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests. 2018-07-03 not yet calculated CVE-2018-11052
FULLDISC
BID(link is external)
dell_emc -- idrac Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server. 2018-07-02 not yet calculated CVE-2018-1249
CONFIRM(link is external)
dell_emc -- idrac Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. 2018-07-02 not yet calculated CVE-2018-1244
CONFIRM(link is external)
dell_emc -- idrac The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system. 2018-07-02 not yet calculated CVE-2018-1212
CONFIRM(link is external)
dell_emc -- idrac Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks. 2018-07-02 not yet calculated CVE-2018-1243
CONFIRM(link is external)
dialogic -- powermedia_xms Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service. 2018-07-03 not yet calculated CVE-2018-11641
MISC
dialogic -- powermedia_xms Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication. 2018-07-03 not yet calculated CVE-2018-11635
MISC
dialogic -- powermedia_xms Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext. 2018-07-03 not yet calculated CVE-2018-11639
MISC
dialogic -- powermedia_xms Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. 2018-07-03 not yet calculated CVE-2018-11636
MISC
dialogic -- powermedia_xms Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root. 2018-07-03 not yet calculated CVE-2018-11637
MISC
dialogic -- powermedia_xms XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption). 2018-07-03 not yet calculated CVE-2018-11640
MISC
dialogic -- powermedia_xms SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter. 2018-07-03 not yet calculated CVE-2018-11643
MISC
dialogic -- powermedia_xms Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution. 2018-07-03 not yet calculated CVE-2018-11638
MISC
dialogic -- powermedia_xms Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user. 2018-07-03 not yet calculated CVE-2018-11642
MISC
dialogic -- powermedia_xms Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db. 2018-07-03 not yet calculated CVE-2018-11634
MISC

dnn -- dnn

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. 2018-07-03 not yet calculated CVE-2017-0929
MISC(link is external)
docker -- moby
 
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. 2018-07-06 not yet calculated CVE-2018-10892
CONFIRM(link is external)
CONFIRM(link is external)
dogtag -- dogtag_pki
 
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences. 2018-07-02 not yet calculated CVE-2018-1080
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
dongguan_diqee -- diqee360_devices An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account. 2018-07-05 not yet calculated CVE-2018-10987
MISC(link is external)
dongguan_diqee -- diqee360_devices An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname. 2018-07-05 not yet calculated CVE-2018-10988
MISC(link is external)
ecessa_shieldlink -- sl175ehq_devices ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. 2018-07-01 not yet calculated CVE-2018-13032
EXPLOIT-DB(link is external)
entrust_datacard -- syntera_cs
 
Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. 2018-07-05 not yet calculated CVE-2018-13252
MISC(link is external)
ethereum -- aichain_token The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13175
MISC(link is external)
MISC(link is external)
ethereum -- air-contact_token The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13179
MISC(link is external)
MISC(link is external)
ethereum -- alex_token The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13162
MISC(link is external)
MISC(link is external)
ethereum -- appcoins_token The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13185
MISC(link is external)
MISC(link is external)
ethereum -- assettoken The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13158
MISC(link is external)
MISC(link is external)
ethereum -- athleticoin_token The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13166
MISC(link is external)
MISC(link is external)
ethereum -- atlant_token ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. 2018-07-03 not yet calculated CVE-2018-11429
MISC(link is external)
MISC(link is external)
ethereum -- azuriontoken The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13068
MISC(link is external)
ethereum -- bankcoin_token The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13159
MISC(link is external)
MISC(link is external)
ethereum -- betcash_token The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13076
MISC(link is external)
ethereum -- bitotal_token Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. 2018-07-03 not yet calculated CVE-2018-13130
MISC(link is external)
MISC(link is external)
ethereum -- bittelux_token The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. 2018-07-05 not yet calculated CVE-2018-13326
MISC(link is external)
ethereum -- bonustoken The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13156
MISC(link is external)
MISC(link is external)
ethereum -- bzxcoin_token The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13172
MISC(link is external)
MISC(link is external)
ethereum -- carbon_exchange_coin_token The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13075
MISC(link is external)
ethereum -- ccindex10_token The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13071
MISC(link is external)
ethereum -- chuchulingaigo_token The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. 2018-07-05 not yet calculated CVE-2018-13327
MISC(link is external)
ethereum -- cibn_live_token The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13187
MISC(link is external)
MISC(link is external)
ethereum -- coffeecoin_token The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13072
MISC(link is external)
ethereum -- coinstar_token The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13087
MISC(link is external)
ethereum -- cointoken The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13217
MISC(link is external)
MISC(link is external)
ethereum -- cranoo_token The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13195
MISC(link is external)
MISC(link is external)
ethereum -- crowdnext_token The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13228
MISC(link is external)
MISC(link is external)
ethereum -- cryptoabs_token The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13174
MISC(link is external)
MISC(link is external)
ethereum -- cryptonitexcoin_token The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13157
MISC(link is external)
MISC(link is external)
ethereum -- ctb_token The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13077
MISC(link is external)
ethereum -- dateme_token The sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13200
MISC(link is external)
MISC(link is external)
ethereum -- destineed_token The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13230
MISC(link is external)
MISC(link is external)
ethereum -- dvchain_token The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13190
MISC(link is external)
MISC(link is external)
ethereum -- dychain_token The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13069
MISC(link is external)
ethereum -- easy_trading_token The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. 2018-07-03 not yet calculated CVE-2018-13113
MISC(link is external)
ethereum -- ectoints_token The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13178
MISC(link is external)
MISC(link is external)
ethereum -- eliteshippertoken The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13173
MISC(link is external)
MISC(link is external)
ethereum -- encryptedtoken The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13070
MISC(link is external)
ethereum -- enter_token The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13231
MISC(link is external)
MISC(link is external)
ethereum -- enter_token The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13232
MISC(link is external)
MISC(link is external)
ethereum -- eppcoin_token The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13164
MISC(link is external)
MISC(link is external)
ethereum -- ethercash_token The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13204
MISC(link is external)
MISC(link is external)
ethereum -- ethereum_cash_pro_token The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13169
MISC(link is external)
MISC(link is external)
ethereum -- ethereumblack_token The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13073
MISC(link is external)
ethereum -- ethereumblack_token The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13199
MISC(link is external)
ethereum -- ethereumlegit_token The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13212
MISC(link is external)
MISC(link is external)
ethereum -- ethernet_cash_token The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13163
MISC(link is external)
MISC(link is external)
ethereum -- etherty_token Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. 2018-07-03 not yet calculated CVE-2018-13128
MISC(link is external)
MISC(link is external)
ethereum -- etktokens The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13160
MISC(link is external)
MISC(link is external)
ethereum -- extreme_coin_token The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13221
MISC(link is external)
MISC(link is external)
ethereum -- fibtoken The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13074
MISC(link is external)
ethereum -- freecoin_token The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13085
MISC(link is external)
ethereum -- futures_pease_token The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13088
MISC(link is external)
ethereum -- gemchain_token The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13155
MISC(link is external)
ethereum -- gmile_token The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13214
MISC(link is external)
MISC(link is external)
ethereum -- go_ethereum The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. 2018-07-04 not yet calculated CVE-2018-12018
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
ethereum -- good_time_coin_token The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13084
MISC(link is external)
ethereum -- goodto_token The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13079
MISC(link is external)
ethereum -- goutex_token The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13080
MISC(link is external)
ethereum -- greenmed_token The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13216
MISC(link is external)
MISC(link is external)
ethereum -- growchain_token The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. 2018-07-05 not yet calculated CVE-2018-13325
MISC(link is external)
ethereum -- gsi_token The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13233
MISC(link is external)
MISC(link is external)
ethereum -- gvtoken_genesis_vision GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. 2018-07-03 not yet calculated CVE-2018-11335
MISC(link is external)
MISC(link is external)
ethereum -- gzs_token The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13081
MISC(link is external)
ethereum -- hentaisolo_token The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13193
MISC(link is external)
MISC(link is external)
ethereum -- iadowr_coin_token The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13086
MISC(link is external)
ethereum -- ico_dollar_token The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13218
MISC(link is external)
MISC(link is external)
ethereum -- imm_coin_token The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13180
MISC(link is external)
MISC(link is external)
ethereum -- javaswaptest_token The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow. 2018-07-04 not yet calculated CVE-2018-13145
MISC(link is external)
ethereum -- jitech_token The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13078
MISC(link is external)
ethereum -- jobscoin_token The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13192
MISC(link is external)
MISC(link is external)
ethereum -- justdcoin_token The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13165
MISC(link is external)
MISC(link is external)
ethereum -- jwc_token The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13183
MISC(link is external)
MISC(link is external)
ethereum -- ladatoken_token The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13171
MISC(link is external)
MISC(link is external)
ethereum -- lef_token The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow. 2018-07-04 not yet calculated CVE-2018-13146
MISC(link is external)
ethereum -- link_platform_token The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-01 not yet calculated CVE-2018-13041
MISC(link is external)
ethereum -- loncoin_token The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13182
MISC(link is external)
MISC(link is external)
ethereum -- mavcash_token The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13220
MISC(link is external)
MISC(link is external)
ethereum -- miningrigrentals_token The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13177
MISC(link is external)
MISC(link is external)
ethereum -- mmtcoin_token The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13186
MISC(link is external)
MISC(link is external)
ethereum -- modi_token The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13082
MISC(link is external)
ethereum -- moneychainnet_token The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13227
MISC(link is external)
MISC(link is external)

ethereum -- moneytree_token

The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13208
MISC(link is external)
MISC(link is external)
ethereum -- moxyonepresale MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. 2018-07-03 not yet calculated CVE-2018-13126
MISC(link is external)
MISC(link is external)
ethereum -- multigames_token The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13161
MISC(link is external)
MISC(link is external)
ethereum -- mybo_token The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13202
MISC(link is external)
MISC(link is external)
ethereum -- mybo_token The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13188
MISC(link is external)
MISC(link is external)
ethereum -- mytoken The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13211
MISC(link is external)
MISC(link is external)
ethereum -- myylc_token The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13225
MISC(link is external)
MISC(link is external)
ethereum -- nectar_token The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13209
MISC(link is external)
MISC(link is external)
ethereum -- objecttoken_token The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13222
MISC(link is external)
MISC(link is external)
ethereum -- ohni_2_token The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13205
MISC(link is external)
MISC(link is external)
ethereum -- pandora_token The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. 2018-07-04 not yet calculated CVE-2018-13144
MISC(link is external)
ethereum -- pfgc_token The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. 2018-07-05 not yet calculated CVE-2018-13328
MISC(link is external)
ethereum -- plaza_token The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13083
MISC(link is external)
ethereum -- porncoin_token The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13207
MISC(link is external)
MISC(link is external)
ethereum -- providence_crypto_casino_token The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13210
MISC(link is external)
MISC(link is external)
ethereum -- providencecasino_token The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13206
MISC(link is external)
MISC(link is external)
ethereum -- r_time_token The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13223
MISC(link is external)
MISC(link is external)
ethereum -- reimburse_token The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13092
MISC(link is external)
ethereum -- ribtidecoin_token The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13229
MISC(link is external)
MISC(link is external)
ethereum -- sample_token The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13215
MISC(link is external)
MISC(link is external)
ethereum -- snoqualmie_coin_token The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13170
MISC(link is external)
MISC(link is external)
ethereum -- sp8de_presale_token SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. 2018-07-03 not yet calculated CVE-2018-13127
MISC(link is external)
MISC(link is external)
ethereum -- sp8de_token SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. 2018-07-03 not yet calculated CVE-2018-13129
MISC(link is external)
ethereum -- spadeico Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. 2018-07-03 not yet calculated CVE-2018-13132
MISC(link is external)
MISC(link is external)
ethereum -- spadepresale SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. 2018-07-03 not yet calculated CVE-2018-13131
MISC(link is external)
MISC(link is external)
ethereum -- stex_exchange_ico_token The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13198
MISC(link is external)
MISC(link is external)
ethereum -- sumocoin_token The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13091
MISC(link is external)
ethereum -- super_carbon_coin_token The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13191
MISC(link is external)
MISC(link is external)
ethereum -- swaptoken_token The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13203
MISC(link is external)
MISC(link is external)
ethereum -- t-swap-token The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13196
MISC(link is external)
MISC(link is external)
ethereum -- titok-ticket_token The sell function of a smart contract implementation for TiTok - Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13201
MISC(link is external)
MISC(link is external)
ethereum -- tongtong_coin_token The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13194
MISC(link is external)
MISC(link is external)
ethereum -- travelcoin_token The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13213
MISC(link is external)
MISC(link is external)
ethereum -- travelzedi_token The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13184
MISC(link is external)
MISC(link is external)
ethereum -- troo_token The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13181
MISC(link is external)
MISC(link is external)
ethereum -- trust_zen_token The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13176
MISC(link is external)
MISC(link is external)
ethereum -- universal_coin_token The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13089
MISC(link is external)
ethereum -- unolabo_token The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13189
MISC(link is external)
MISC(link is external)
ethereum -- virtual_energy_units_token The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13224
MISC(link is external)
MISC(link is external)
ethereum -- welfare_token_fund_token The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13197
MISC(link is external)
MISC(link is external)
ethereum -- yitongcoin_token The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-02 not yet calculated CVE-2018-13090
MISC(link is external)
ethereum -- ylctoken The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13226
MISC(link is external)
MISC(link is external)
ethereum -- yourcoin_token The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. 2018-07-04 not yet calculated CVE-2018-13219
MISC(link is external)
MISC(link is external)
ethereum -- yu_gi_oh_token The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13168
MISC(link is external)
MISC(link is external)
ethereum -- yu_gi_oh_token The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-04 not yet calculated CVE-2018-13167
MISC(link is external)
MISC(link is external)
fast-cpp-csv-parser -- fast-cpp-csv-parser Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h. 2018-07-07 not yet calculated CVE-2018-13421
MISC(link is external)
ffmpeg -- ffmpeg In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. 2018-07-05 not yet calculated CVE-2018-13301
MISC(link is external)
ffmpeg -- ffmpeg In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. 2018-07-05 not yet calculated CVE-2018-13304
MISC(link is external)
ffmpeg -- ffmpeg In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. 2018-07-05 not yet calculated CVE-2018-13302
MISC(link is external)
ffmpeg -- ffmpeg
 
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. 2018-07-05 not yet calculated CVE-2018-13305
MISC(link is external)
ffmpeg -- ffmpeg
 
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. 2018-07-05 not yet calculated CVE-2018-13303
MISC(link is external)
ffmpeg -- ffmpeg
 
In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. 2018-07-05 not yet calculated CVE-2018-13300
MISC(link is external)
fortinet -- fortios
 
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. 2018-07-05 not yet calculated CVE-2018-9185
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
gitlab -- community_and_enterprise_editions GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised. 2018-07-03 not yet calculated CVE-2017-0921
MISC(link is external)

gitlab -- community_and_enterprise_editions

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized. 2018-07-03 not yet calculated CVE-2017-0919
MISC(link is external)
glance -- glance There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name. 2018-07-03 not yet calculated CVE-2018-3748
MISC(link is external)
gleez_cms -- gleez_cms Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. 2018-07-05 not yet calculated CVE-2018-13340
MISC(link is external)
glpi -- glpi
 
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. 2018-07-02 not yet calculated CVE-2018-13049
CONFIRM(link is external)
gnu -- binutils
 
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. 2018-07-01 not yet calculated CVE-2018-13033
BID(link is external)
MISC
golang -- go_doc_dot_org In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution. 2018-07-05 not yet calculated CVE-2018-12976
CONFIRM(link is external)
MLIST(link is external)
golden_frog -- vyprvpn
 
Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows. 2018-07-04 not yet calculated CVE-2018-13133
MISC(link is external)
MISC(link is external)
htcondor -- htcondor
 
The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions. 2018-07-05 not yet calculated CVE-2017-16816
CONFIRM(link is external)
MLIST(link is external)
huawei -- emily-al00a_smart_phones
 
Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally. 2018-07-05 not yet calculated CVE-2018-7944
CONFIRM(link is external)
huawei -- mate_9_pro_smart_phones
 
Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages. 2018-07-02 not yet calculated CVE-2017-17175
CONFIRM(link is external)
huawei -- multiple_devices Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal. 2018-07-02 not yet calculated CVE-2017-17317
CONFIRM(link is external)
huawei -- multiple_devices Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part (SCCP) messages to the target devices. Due to insufficient input validation of some values in the messages, successful exploit will cause out-of-bounds read and some services abnormal. 2018-07-02 not yet calculated CVE-2017-17316
CONFIRM(link is external)
ibm -- api_connect IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650. 2018-07-06 not yet calculated CVE-2018-1546
XF(link is external)
CONFIRM(link is external)
ibm -- doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141097. 2018-07-06 not yet calculated CVE-2018-1494
CONFIRM(link is external)
XF(link is external)
ibm -- filenet_content_manager IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142893. 2018-07-06 not yet calculated CVE-2018-1556
CONFIRM(link is external)
SECTRACK(link is external)
XF(link is external)
ibm -- filenet_content_manager IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892. 2018-07-06 not yet calculated CVE-2018-1555
CONFIRM(link is external)
SECTRACK(link is external)
XF(link is external)

ibm -- jazz_foundation

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719. 2018-07-06 not yet calculated CVE-2017-1509
XF(link is external)
CONFIRM(link is external)

ibm -- jazz_foundation

An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627. 2018-07-06 not yet calculated CVE-2017-1488
XF(link is external)
CONFIRM(link is external)

ibm -- jazz_foundation

IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355. 2018-07-06 not yet calculated CVE-2017-1237
XF(link is external)
CONFIRM(link is external)
ibm -- multiple_products IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 142597. 2018-07-06 not yet calculated CVE-2018-1542
CONFIRM(link is external)
SECTRACK(link is external)
XF(link is external)
ibm -- planning_analytics IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118. 2018-07-06 not yet calculated CVE-2018-1676
CONFIRM(link is external)
XF(link is external)
ibm -- quality_manager IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231. 2018-07-06 not yet calculated CVE-2017-1329
CONFIRM(link is external)
XF(link is external)
ibm -- quality_manager IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628. 2018-07-06 not yet calculated CVE-2017-1248
CONFIRM(link is external)
XF(link is external)
ibm -- quality_manager IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524. 2018-07-06 not yet calculated CVE-2017-1242
CONFIRM(link is external)
XF(link is external)
ibm -- quality_manager IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357. 2018-07-06 not yet calculated CVE-2017-1239
CONFIRM(link is external)
XF(link is external)
ibm -- quality_manager IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356. 2018-07-06 not yet calculated CVE-2017-1238
CONFIRM(link is external)
XF(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132493. 2018-07-03 not yet calculated CVE-2017-1592
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131778. 2018-07-03 not yet calculated CVE-2017-1568
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131765. 2018-07-03 not yet calculated CVE-2017-1565
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131760. 2018-07-03 not yet calculated CVE-2017-1561
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161. 2018-07-03 not yet calculated CVE-2017-1299
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752. 2018-07-03 not yet calculated CVE-2017-1277
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066. 2018-07-03 not yet calculated CVE-2017-1691
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131764. 2018-07-03 not yet calculated CVE-2017-1564
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729. 2018-07-03 not yet calculated CVE-2017-1317
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065. 2018-07-03 not yet calculated CVE-2017-1690
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724. 2018-07-03 not yet calculated CVE-2017-1313
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155. 2018-07-03 not yet calculated CVE-2017-1294
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263. 2018-07-03 not yet calculated CVE-2017-1652
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154. 2018-07-03 not yet calculated CVE-2017-1293
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630. 2018-07-03 not yet calculated CVE-2017-1250
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759. 2018-07-03 not yet calculated CVE-2017-1281
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928. 2018-07-03 not yet calculated CVE-2017-1608
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750. 2018-07-03 not yet calculated CVE-2017-1275
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460. 2018-07-03 not yet calculated CVE-2017-1306
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261. 2018-07-03 not yet calculated CVE-2017-1651
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125728. 2018-07-03 not yet calculated CVE-2017-1316
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758. 2018-07-03 not yet calculated CVE-2017-1280
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727. 2018-07-03 not yet calculated CVE-2017-1315
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796. 2018-07-03 not yet calculated CVE-2017-1717
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133088. 2018-07-03 not yet calculated CVE-2017-1621
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723. 2018-07-03 not yet calculated CVE-2017-1312
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761. 2018-07-03 not yet calculated CVE-2017-1562
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134637. 2018-07-03 not yet calculated CVE-2017-1715
XF(link is external)
CONFIRM(link is external)
ibm -- quality_manager_and_rational_collaborative_lifecycle_management IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725. 2018-07-03 not yet calculated CVE-2017-1314
XF(link is external)
CONFIRM(link is external)
ibm -- rational_products Multiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758. 2018-07-06 not yet calculated CVE-2017-1559
XF(link is external)
CONFIRM(link is external)
ibm -- websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346. 2018-07-06 not yet calculated CVE-2018-1621
CONFIRM(link is external)
SECTRACK(link is external)
XF(link is external)
ibm -- websphere_mq IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042. 2018-07-06 not yet calculated CVE-2017-1795
CONFIRM(link is external)
XF(link is external)
imagemagick -- imagemagick
 
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. 2018-07-04 not yet calculated CVE-2018-13153
SECTRACK(link is external)
CONFIRM(link is external)
intex -- n150_devices An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it. 2018-07-02 not yet calculated CVE-2018-12528
MISC(link is external)
EXPLOIT-DB(link is external)
intex -- n150_devices
 
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. 2018-07-02 not yet calculated CVE-2018-12529
MISC(link is external)
EXPLOIT-DB(link is external)
invoiceplane -- invoiceplane An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field. 2018-07-03 not yet calculated CVE-2018-12255
MISC(link is external)
MISC(link is external)

j2_innovations -- fin_stack

In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /auth/ariosa/login. 2018-07-05 not yet calculated CVE-2017-11175
MISC(link is external)
jirafeau -- jirafeau A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. 2018-07-06 not yet calculated CVE-2018-13407
MISC(link is external)
jirafeau -- jirafeau script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter. 2018-07-07 not yet calculated CVE-2018-11351
MISC(link is external)
jirafeau -- jirafeau An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. 2018-07-06 not yet calculated CVE-2018-13409
MISC(link is external)
jirafeau -- jirafeau An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. 2018-07-06 not yet calculated CVE-2018-13408
MISC(link is external)
jirafeau -- jirafeau The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. 2018-07-07 not yet calculated CVE-2018-11349
MISC(link is external)
jirafeau -- jirafeau
 
An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter. 2018-07-07 not yet calculated CVE-2018-11350
MISC(link is external)
jpeg-compressor -- jpeg-compressor
 
An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact. 2018-07-01 not yet calculated CVE-2018-13037
MISC(link is external)
MISC(link is external)
libming -- libming
 
libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. 2018-07-05 not yet calculated CVE-2018-13250
MISC(link is external)
libming -- libming
 
In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. 2018-07-05 not yet calculated CVE-2018-13251
MISC(link is external)
libming -- libming
 
There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, parseSWF_DEFINESPRITE, parseSWF_DEFINETEXT, parseSWF_DOACTION, parseSWF_FILLSTYLEARRAY, parseSWF_FRAMELABEL, parseSWF_LINESTYLEARRAY, parseSWF_PLACEOBJECT2, or parseSWF_SHAPEWITHSTYLE. 2018-07-02 not yet calculated CVE-2018-13066
MISC(link is external)
libsndfile -- libsndfile An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. 2018-07-07 not yet calculated CVE-2018-13419
MISC(link is external)
libsndfile -- libsndfile
 
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. 2018-07-04 not yet calculated CVE-2018-13139
MISC(link is external)
libsoup -- libsoup
 
soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup allows attackers to have unspecified impact via an empty hostname. 2018-07-05 not yet calculated CVE-2018-12910
CONFIRM
MLIST
FEDORA
UBUNTU(link is external)
DEBIAN
linux -- linux_kernel An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image. 2018-07-03 not yet calculated CVE-2018-13096
MISC
MISC
linux -- linux_kernel An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. 2018-07-03 not yet calculated CVE-2018-13100
BID(link is external)
MISC
MISC
linux -- linux_kernel The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. 2018-07-06 not yet calculated CVE-2018-13405
MISC
MISC(link is external)
MISC(link is external)
linux -- linux_kernel An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. 2018-07-03 not yet calculated CVE-2018-13094
MISC
MISC
MISC(link is external)
linux -- linux_kernel The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. 2018-07-02 not yet calculated CVE-2018-13053
BID(link is external)
MISC
MISC
linux -- linux_kernel An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. 2018-07-03 not yet calculated CVE-2018-13099
BID(link is external)
MISC
MISC
MISC(link is external)
linux -- linux_kernel An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. 2018-07-03 not yet calculated CVE-2018-13095
MISC
MISC
MISC(link is external)
linux -- linux_kernel An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. 2018-07-03 not yet calculated CVE-2018-13093
MISC
MISC
MISC(link is external)
linux -- linux_kernel An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG). 2018-07-03 not yet calculated CVE-2018-13097
MISC
MISC
linux -- linux_kernel An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. 2018-07-06 not yet calculated CVE-2018-13406
MISC
MISC
MISC(link is external)
linux -- linux_kernel An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls. 2018-07-02 not yet calculated CVE-2018-12896
MISC
MISC(link is external)
MISC(link is external)
linux -- linux_kernel An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. 2018-07-03 not yet calculated CVE-2018-13098
MISC
MISC
medtronic -- 2090_carelink_programmer Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications. 2018-07-02 not yet calculated CVE-2018-10596
MISC
medtronic -- mycarelink_patient_monitor_and_mycarelink_monitor Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. 2018-07-02 not yet calculated CVE-2018-8868
MISC
medtronic -- mycarelink_patient_monitor_and_mycarelink_monitor Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. 2018-07-02 not yet calculated CVE-2018-8870
MISC
memjs -- memjs `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. 2018-07-05 not yet calculated CVE-2018-3767
MISC(link is external)
mercurial -- mercurial The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. 2018-07-05 not yet calculated CVE-2018-13348
MISC
MISC
mercurial -- mercurial
 
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. 2018-07-05 not yet calculated CVE-2018-13347
MISC
MISC
MISC
mercurial -- mercurial
 
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. 2018-07-05 not yet calculated CVE-2018-13346
MISC
MISC
merge-objects -- merge-objects The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. 2018-07-03 not yet calculated CVE-2018-3753
MISC(link is external)
merge-options -- merge-options
 
The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. 2018-07-03 not yet calculated CVE-2018-3752
MISC(link is external)
merge-recursive -- merge-recursive The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects. 2018-07-03 not yet calculated CVE-2018-3751
MISC(link is external)
microsoft -- forefront_unified_access_gateway uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. 2018-07-05 not yet calculated CVE-2018-12571
MISC(link is external)
FULLDISC
FULLDISC
SECTRACK(link is external)
mongodb -- skyring_database The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text. 2018-07-06 not yet calculated CVE-2017-2665
BID(link is external)
CONFIRM(link is external)
motorola -- mbp853_firmware The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate. 2018-07-02 not yet calculated CVE-2018-12499
MISC(link is external)
naver -- whale_browser
 
Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name. 2018-07-03 not yet calculated CVE-2018-7635
MISC(link is external)
nextcloud -- calendar In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. 2018-07-05 not yet calculated CVE-2018-3763
CONFIRM(link is external)
nextcloud -- contacts In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. 2018-07-05 not yet calculated CVE-2018-3764
CONFIRM(link is external)
nextcloud -- server Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. 2018-07-05 not yet calculated CVE-2018-3761
MISC(link is external)
CONFIRM(link is external)
nextcloud -- server Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. 2018-07-05 not yet calculated CVE-2018-3762
MISC(link is external)
CONFIRM(link is external)
ntopng -- ntopng An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access. 2018-07-05 not yet calculated CVE-2018-12520
FULLDISC
MISC(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
omeka -- omeka admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. 2018-07-07 not yet calculated CVE-2018-13423
MISC(link is external)
MISC(link is external)
onefilecms -- onefilecms
 
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI. 2018-07-03 not yet calculated CVE-2018-13122
MISC(link is external)
onefilecms -- onefilecms
 
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file. 2018-07-03 not yet calculated CVE-2018-13123
MISC(link is external)
onos -- onos
 
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection. 2018-07-05 not yet calculated CVE-2018-12691
CONFIRM
CONFIRM
open-xchange -- ox_app_suite Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks. 2018-07-05 not yet calculated CVE-2018-9998
FULLDISC
SECTRACK(link is external)
open-xchange -- ox_app_suite Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. 2018-07-05 not yet calculated CVE-2018-9997
FULLDISC
SECTRACK(link is external)
opencart -- opencart
 
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. 2018-07-02 not yet calculated CVE-2018-13067
MISC(link is external)
openshift -- container_platform source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user. 2018-07-02 not yet calculated CVE-2018-10843
REDHAT(link is external)
CONFIRM(link is external)
opensid -- opensid OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. 2018-07-01 not yet calculated CVE-2018-13040
MISC(link is external)
opensid -- opensid OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI. 2018-07-01 not yet calculated CVE-2018-13039
MISC(link is external)
opensid -- opensid
 
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type. 2018-07-01 not yet calculated CVE-2018-13038
MISC(link is external)
opmantek -- open-audit_community
 
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. 2018-07-06 not yet calculated CVE-2018-11124
MISC(link is external)
paessler -- prtg_network_monitor
 
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios. 2018-07-02 not yet calculated CVE-2018-9276
MISC(link is external)
BUGTRAQ(link is external)
pan-os -- pan-os The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup. 2018-07-03 not yet calculated CVE-2018-9334
CONFIRM(link is external)
pan-os -- pan-os The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. 2018-07-03 not yet calculated CVE-2018-7636
SECTRACK(link is external)
CONFIRM(link is external)
pan-os -- pan-os The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. 2018-07-03 not yet calculated CVE-2018-9242
CONFIRM(link is external)
pan-os -- pan-os
 
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. 2018-07-03 not yet calculated CVE-2018-9335
BID(link is external)
CONFIRM(link is external)
pan-os -- pan-os
 
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. 2018-07-03 not yet calculated CVE-2018-9337
BID(link is external)
CONFIRM(link is external)
podman -- podman
 
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container. 2018-07-02 not yet calculated CVE-2018-10856
REDHAT(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
public -- public The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript. 2018-07-03 not yet calculated CVE-2018-3747
MISC(link is external)
puppet -- discovery In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery. 2018-07-03 not yet calculated CVE-2018-11746
CONFIRM(link is external)

qemu -- qemu

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. 2018-07-02 not yet calculated CVE-2017-2615
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
REDHAT(link is external)
MLIST(link is external)
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
MLIST
GENTOO
GENTOO
CONFIRM(link is external)

qualcomm -- android

The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear. 2018-07-06 not yet calculated CVE-2018-5892
CONFIRM(link is external)
qualcomm -- android Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. 2018-07-06 not yet calculated CVE-2018-5907
qualcomm -- android Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-5898
CONFIRM(link is external)
qualcomm -- android In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur. 2018-07-06 not yet calculated CVE-2018-5862
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition. 2018-07-06 not yet calculated CVE-2018-5853
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear. 2018-07-06 not yet calculated CVE-2018-5885
CONFIRM(link is external)
qualcomm -- android In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition. 2018-07-06 not yet calculated CVE-2018-5831
CONFIRM(link is external)
CONFIRM
CONFIRM

qualcomm -- android

Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. 2018-07-06 not yet calculated CVE-2018-11257
CONFIRM(link is external)

qualcomm -- android

Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845. 2018-07-06 not yet calculated CVE-2017-11088
CONFIRM(link is external)
qualcomm -- android While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-5887
CONFIRM(link is external)
CONFIRM
qualcomm -- android While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur. 2018-07-06 not yet calculated CVE-2018-5855
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android While processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-3577
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android An integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. 2018-07-06 not yet calculated CVE-2018-3586
MISC(link is external)
qualcomm -- android In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access. 2018-07-06 not yet calculated CVE-2018-5836
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-5835
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur. 2018-07-06 not yet calculated CVE-2018-5858
CONFIRM(link is external)
CONFIRM
CONFIRM
CONFIRM
qualcomm -- android Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur. 2018-07-06 not yet calculated CVE-2018-5859
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android In the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur. 2018-07-06 not yet calculated CVE-2018-3597
CONFIRM(link is external)
CONFIRM
qualcomm -- android Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2017-15856
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied. 2018-07-06 not yet calculated CVE-2018-5896
CONFIRM(link is external)

qualcomm -- android

In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20. 2018-07-06 not yet calculated CVE-2018-11258
CONFIRM(link is external)
qualcomm -- android While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. 2018-07-06 not yet calculated CVE-2018-5874
CONFIRM(link is external)
qualcomm -- android Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur. 2018-07-06 not yet calculated CVE-2018-5832
CONFIRM(link is external)
CONFIRM
qualcomm -- android While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-5889
CONFIRM(link is external)
CONFIRM

qualcomm -- android

While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. 2018-07-06 not yet calculated CVE-2018-5875
CONFIRM(link is external)
qualcomm -- android While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur. 2018-07-06 not yet calculated CVE-2018-5865
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur. 2018-07-06 not yet calculated CVE-2018-5893
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed. 2018-07-06 not yet calculated CVE-2018-5886
CONFIRM
CONFIRM

qualcomm -- android

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. 2018-07-06 not yet calculated CVE-2018-11259
CONFIRM(link is external)
qualcomm -- android While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur. 2018-07-06 not yet calculated CVE-2018-5864
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2017-14893
CONFIRM(link is external)
CONFIRM
qualcomm -- android Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents. 2018-07-06 not yet calculated CVE-2018-5884
CONFIRM(link is external)
qualcomm -- android In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference. 2018-07-06 not yet calculated CVE-2018-3570
MISC(link is external)
MISC(link is external)
qualcomm -- android In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails. 2018-07-06 not yet calculated CVE-2018-3564
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. 2018-07-06 not yet calculated CVE-2018-5878
CONFIRM(link is external)
qualcomm -- android While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-5897
CONFIRM(link is external)
qualcomm -- android In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-5834
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-5895
CONFIRM(link is external)
CONFIRM
qualcomm -- android Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images. 2018-07-06 not yet calculated CVE-2017-18158
CONFIRM(link is external)
CONFIRM
qualcomm -- android In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free. 2018-07-06 not yet calculated CVE-2018-5899
CONFIRM(link is external)
CONFIRM
qualcomm -- android If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-5890
CONFIRM(link is external)
CONFIRM
qualcomm -- android While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. 2018-07-06 not yet calculated CVE-2018-5876
CONFIRM(link is external)
qualcomm -- android While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-5888
CONFIRM(link is external)
CONFIRM
qualcomm -- android Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel 2018-07-06 not yet calculated CVE-2017-15851
MISC(link is external)
MISC(link is external)

qualcomm -- android

While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear. 2018-07-06 not yet calculated CVE-2018-5891
CONFIRM(link is external)
qualcomm -- android Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur. 2018-07-06 not yet calculated CVE-2018-5894
CONFIRM(link is external)

qualcomm -- android

While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. 2018-07-06 not yet calculated CVE-2018-5882
CONFIRM(link is external)
qualcomm -- android An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. 2018-07-06 not yet calculated CVE-2018-5873
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer over-read can potentially occur. 2018-07-06 not yet calculated CVE-2018-5829
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur. 2018-07-06 not yet calculated CVE-2017-18159
CONFIRM(link is external)
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qualcomm -- android Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. 2018-07-06 not yet calculated CVE-2018-11304
qualcomm -- android While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-5830
CONFIRM(link is external)
CONFIRM
CONFIRM
CONFIRM
qualcomm -- android In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory. 2018-07-06 not yet calculated CVE-2017-15824
CONFIRM(link is external)
qualcomm -- android In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur. 2018-07-06 not yet calculated CVE-2018-3587
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qualcomm -- android While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur. 2018-07-06 not yet calculated CVE-2018-5872
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. 2018-07-06 not yet calculated CVE-2018-5838
CONFIRM(link is external)
qualcomm -- android A buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2018-3569
CONFIRM(link is external)
CONFIRM
CONFIRM
qualcomm -- android
 
While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. 2018-07-06 not yet calculated CVE-2017-14872
CONFIRM(link is external)
CONFIRM
query-mysql -- query-mysql Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database. 2018-07-03 not yet calculated CVE-2018-3754
MISC(link is external)
rails_admin -- rails_admin
 
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. 2018-07-05 not yet calculated CVE-2016-10522
CONFIRM(link is external)
MISC(link is external)
MISC(link is external)

realnetworks -- realoneplayer

RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file. 2018-07-03 not yet calculated CVE-2018-13121
MISC(link is external)
red_hat -- openshift
 
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster. 2018-07-05 not yet calculated CVE-2018-10885
CONFIRM(link is external)
red_hat-- fedora_and_enterprise_linux
 
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system. 2018-07-02 not yet calculated CVE-2018-1113
CONFIRM(link is external)
redswimmer -- kiosksimple
 
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries. 2018-07-03 not yet calculated CVE-2018-13101
MISC(link is external)
roku -- roku_and_roku_tv_products
 
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. 2018-07-03 not yet calculated CVE-2018-11314
MISC(link is external)
MISC(link is external)
rsa -- certificate_manager
 
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. 2018-07-03 not yet calculated CVE-2018-11051
FULLDISC
SECTRACK(link is external)
ruby-grape -- ruby-grape ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter. 2018-07-05 not yet calculated CVE-2018-3769
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
schneider_electric -- evlink_charging_station In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users. 2018-07-03 not yet calculated CVE-2018-7778
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional_cameras In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation. 2018-07-03 not yet calculated CVE-2018-7781
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional_cameras In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. 2018-07-03 not yet calculated CVE-2018-7782
CONFIRM(link is external)
schneider_electric -- pelco_sarix_professional_cameras In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set". 2018-07-03 not yet calculated CVE-2018-7780
CONFIRM(link is external)
schneider_electric -- somachine_basic Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file. 2018-07-03 not yet calculated CVE-2018-7783
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter. 2018-07-03 not yet calculated CVE-2018-7767
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter. 2018-07-03 not yet calculated CVE-2018-7765
CONFIRM(link is external)
schneider_electric -- u.motion_builder In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. 2018-07-03 not yet calculated CVE-2018-7786
BID(link is external)
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The 'css' parameter contains a directory traversal vulnerability. 2018-07-03 not yet calculated CVE-2018-7763
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. 2018-07-03 not yet calculated CVE-2018-7769
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet. 2018-07-03 not yet calculated CVE-2018-7764
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address. 2018-07-03 not yet calculated CVE-2018-7770
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter. 2018-07-03 not yet calculated CVE-2018-7774
CONFIRM(link is external)
schneider_electric -- u.motion_builder In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application. 2018-07-03 not yet calculated CVE-2018-7784
BID(link is external)
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter. 2018-07-03 not yet calculated CVE-2018-7768
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter. 2018-07-03 not yet calculated CVE-2018-7766
CONFIRM(link is external)
schneider_electric -- u.motion_builder In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. 2018-07-03 not yet calculated CVE-2018-7785
BID(link is external)
CONFIRM(link is external)
schneider_electric -- u.motion_builder In Schneider Electric U.motion Builder software versions prior to v1.3.4, malicious clients can upload and cause the smbd server to execute a shared library from a writable share. 2018-07-03 not yet calculated CVE-2018-7777
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data. 2018-07-03 not yet calculated CVE-2018-7775
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter. 2018-07-03 not yet calculated CVE-2018-7773
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree. 2018-07-03 not yet calculated CVE-2018-7771
CONFIRM(link is external)
schneider_electric -- u.motion_builder The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request. 2018-07-03 not yet calculated CVE-2018-7772
CONFIRM(link is external)
schneider_electric -- u.motion_builder In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. 2018-07-03 not yet calculated CVE-2018-7787
BID(link is external)
CONFIRM(link is external)
schneider_electric -- u.motion_builder
 
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. 2018-07-03 not yet calculated CVE-2018-7776
CONFIRM(link is external)
schneider_electric -- wiser_for_knx In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. 2018-07-03 not yet calculated CVE-2018-7779
CONFIRM(link is external)
sencha -- ext_js The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data. 2018-07-05 not yet calculated CVE-2018-8046
CONFIRM(link is external)
FULLDISC
siemens -- siclock A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users. 2018-07-03 not yet calculated CVE-2018-4856
BID(link is external)
CONFIRM(link is external)
siemens -- siclock A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system. 2018-07-03 not yet calculated CVE-2018-4854
BID(link is external)
CONFIRM(link is external)
siemens -- siclock A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed. 2018-07-03 not yet calculated CVE-2018-4851
BID(link is external)
CONFIRM(link is external)
siemens -- siclock A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device. 2018-07-03 not yet calculated CVE-2018-4852
BID(link is external)
CONFIRM(link is external)
siemens -- siclock A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device. 2018-07-03 not yet calculated CVE-2018-4853
BID(link is external)
CONFIRM(link is external)
siemens -- siclock A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. 2018-07-03 not yet calculated CVE-2018-4855
BID(link is external)
CONFIRM(link is external)
singularity -- singularity Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features. 2018-07-05 not yet calculated CVE-2018-12021
CONFIRM(link is external)
sonos -- wireless_speaker_products The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. 2018-07-03 not yet calculated CVE-2018-11316
MISC(link is external)
MISC(link is external)
synology -- carddav_server
 
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. 2018-07-05 not yet calculated CVE-2018-8928
CONFIRM(link is external)
synology -- synology_ssl_vpn_client
 
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload. 2018-07-06 not yet calculated CVE-2018-8929
CONFIRM(link is external)
synology -- universal_search Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. 2018-07-05 not yet calculated CVE-2017-16773
CONFIRM(link is external)
tcexam -- tcexam TCExam before 14.1.2 has XSS via an ff_ or xl_ field. 2018-07-07 not yet calculated CVE-2018-13422
MISC(link is external)
tcpreplay -- tcpreplay
 
get_l2len in common/get.c in Tcpreplay 4.3.0 beta 1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep. 2018-07-03 not yet calculated CVE-2018-13112
MISC(link is external)
tp-link -- archer_c1200_wireless_router TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. 2018-07-04 not yet calculated CVE-2018-13134
MISC(link is external)
tp-link -- tl-wr841n_devices The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. 2018-07-02 not yet calculated CVE-2018-12577
MISC
tp-link -- tl-wr841n_devices CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. 2018-07-02 not yet calculated CVE-2018-12574
MISC
tp-link -- tl-wr841n_devices TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. 2018-07-02 not yet calculated CVE-2018-12576
MISC
tp-link -- tl-wr841n_devices On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. 2018-07-02 not yet calculated CVE-2018-12575
MISC
trackr -- trackr_bravo Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. 2018-07-06 not yet calculated CVE-2016-6540
BID(link is external)
MISC(link is external)
CERT-VN
MISC
trackr -- trackr_bravo The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. 2018-07-06 not yet calculated CVE-2016-6539
BID(link is external)
MISC(link is external)
CERT-VN
MISC
trackr -- trackr_bravo TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. 2018-07-06 not yet calculated CVE-2016-6541
BID(link is external)
MISC(link is external)
CERT-VN
MISC
trackr -- trackr_bravo
 
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. 2018-07-06 not yet calculated CVE-2016-6538
BID(link is external)
MISC(link is external)
CERT-VN
MISC
trend_micro -- maximum_security_2018 A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. 2018-07-06 not yet calculated CVE-2018-3608
MISC(link is external)
MISC(link is external)
ubiquiti -- ucrm Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization". 2018-07-03 not yet calculated CVE-2017-0913
MISC(link is external)
MISC(link is external)
ubiquiti -- ucrm Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling". 2018-07-03 not yet calculated CVE-2017-0912
MISC(link is external)
wordpress -- wordpress The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type. 2018-07-02 not yet calculated CVE-2018-12426
MISC(link is external)
MISC(link is external)
wordpress -- wordpress The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. 2018-07-04 not yet calculated CVE-2018-13136
MISC(link is external)
MISC(link is external)
xapian -- xapian-core
 
A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). 2018-07-02 not yet calculated CVE-2018-0499
CONFIRM
CONFIRM
xen -- xen An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability. 2018-07-02 not yet calculated CVE-2018-12891
MLIST(link is external)
BID(link is external)
SECTRACK(link is external)
CONFIRM
CONFIRM(link is external)
DEBIAN
xen -- xen An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. 2018-07-02 not yet calculated CVE-2018-12893
MLIST(link is external)
BID(link is external)
SECTRACK(link is external)
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
DEBIAN
xen -- xen An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as "sd" in the libxl disk configuration, or an equivalent) are affected. IDE disks ("hd") are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line. 2018-07-02 not yet calculated CVE-2018-12892
MLIST(link is external)
BID(link is external)
SECTRACK(link is external)
CONFIRM
DEBIAN
zoho -- manageengine_applications_manager A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x via the j_username parameter in a /j_security_check POST request. 2018-07-02 not yet calculated CVE-2018-13050
MISC(link is external)
zoho -- manageengine_eventlog_analyzer An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard). 2018-07-02 not yet calculated CVE-2018-10076
CONFIRM(link is external)
zoho -- manageengine_eventlog_analyzer
 
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature. 2018-07-02 not yet calculated CVE-2018-10075
CONFIRM(link is external)
zzcms -- zzcms
 
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. 2018-07-03 not yet calculated CVE-2018-13116
MISC(link is external)
zzcms -- zzcms
 
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock. 2018-07-02 not yet calculated CVE-2018-13056
MISC