The Patriot Files Forums  

Posted by The Patriot, 07-22-2018, 03:15 PM

SB18-197: Vulnerability Summary for the Week of July 9, 2018

07-16-2018 03:37 AM

Original release date: July 16, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
arm -- cortex-a | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. | 2018-07-10 | 4.7 | CVE-2018-3693 (CONFIRM, MISC, MISC)
servviziotoken_project -- servviziotoken | The mintToken function of a smart contract implementation for SERVVIZIOToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | 5.0 | CVE-2018-13723 (MISC)

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoabbyy -- flexicaptureMultiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login.2018-07-09not yet calculatedCVE-2018-13793
MISCabbyy -- flexicaptureThe HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter.2018-07-09not yet calculatedCVE-2018-13791
MISCaccellion -- ftp_serverAccellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.2018-07-13not yet calculatedCVE-2016-9500
CERT-VN
MISC
BIDaccellion -- ftp_serverAccellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.2018-07-13not yet calculatedCVE-2016-9499
CERT-VN
MISC
BIDaccountsservice -- accountsservice
*Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.2018-07-13not yet calculatedCVE-2018-14036
MISC
MISC
MISC
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4999
BID
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4980
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4985
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4949
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4972
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4989
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4968
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4957
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4948
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4986
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4979
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4964
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have a Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4998
BID
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4971
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4950
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4966
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4954
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4977
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4965
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4993
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4951
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4955
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4996
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4953
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4967
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4947
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4988
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4973
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4952
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4969
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4984
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4961
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4978
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4963
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4958
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4960
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4962
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4997
BID
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4983
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4981
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4956
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4975
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4974
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4970
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-4976
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass.2018-07-09not yet calculatedCVE-2018-4995
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4987
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4982
BID
SECTRACK
MISCadobe -- acrobat_and_readerAdobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4990
BID
SECTRACK
MISCadobe -- acrobat_and_reader
*Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4959
BID
SECTRACK
MISCadobe -- flash_playerAdobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-5002
BID
SECTRACK
REDHAT
MISCadobe -- flash_playerAdobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-5001
BID
SECTRACK
REDHAT
MISCadobe -- flash_player
*Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4945
BID
SECTRACK
REDHAT
MISCadobe -- flash_player
*Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.2018-07-09not yet calculatedCVE-2018-5000
BID
SECTRACK
REDHAT
MISCadobe -- photoshop_ccAdobe Photoshop CC versions 19.1.3 and earlier, 18.1.3 and earlier, and 18.1.2 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.2018-07-09not yet calculatedCVE-2018-4946
BID
SECTRACK
MISCansible -- ansible
*A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.2018-07-13not yet calculatedCVE-2018-10875
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRMantenna_house -- office_server_document_converterAn exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbputanld` method.2018-07-11not yet calculatedCVE-2018-3933
MISCantenna_house -- office_server_document_converterIn Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method.2018-07-11not yet calculatedCVE-2018-3931
MISCantenna_house -- office_server_document_converterIn Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method.2018-07-11not yet calculatedCVE-2018-3930
MISCantenna_house -- office_server_document_converterAn exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based buffer overflow, resulting in remote code execution.2018-07-11not yet calculatedCVE-2018-3932
MISCantenna_house -- office_server_document_converterIn Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution.2018-07-11not yet calculatedCVE-2018-3936
MISCapache -- couchdb
*Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2.2018-07-11not yet calculatedCVE-2018-8007
MLIST
MLIST
CONFIRMapache -- ldap_api
*In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).2018-07-10not yet calculatedCVE-2018-1337
MLISTapache -- sparkIn Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI.2018-07-12not yet calculatedCVE-2018-8024
MLIST
CONFIRMapache -- spark
*In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.2018-07-12not yet calculatedCVE-2018-1334
MLIST
CONFIRMapache -- storm
*In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.2018-07-10not yet calculatedCVE-2018-1331
CONFIRM
CONFIRM
MLIST
BID
SECTRACKasp.net -- asp.net
*A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.2018-07-10not yet calculatedCVE-2018-8171
BID
SECTRACK
CONFIRMasustek -- asus_rp-ac52_access_pointsA command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed.2018-07-13not yet calculatedCVE-2016-6558
CERT-VN
BIDasustek -- asus_rp-ac52_access_pointsIn ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.2018-07-13not yet calculatedCVE-2016-6557
CERT-VN
BIDatlassian -- confluence
*The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.2018-07-10not yet calculatedCVE-2018-13389
CONFIRMatlassian -- fisheye_and_crucibleThe review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.2018-07-10not yet calculatedCVE-2018-13388
BID
CONFIRM
CONFIRMatlassian -- floodlight_controllerAtlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack).2018-07-09not yet calculatedCVE-2018-1000617
MISC
BIDbarco -- clickshare_and_base_unitsAn issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit.2018-07-10not yet calculatedCVE-2018-10943
CONFIRM
CONFIRMbento4 -- bento4An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp.2018-07-10not yet calculatedCVE-2018-13847
MISCbento4 -- bento4
*An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp.2018-07-10not yet calculatedCVE-2018-13848
MISCbento4 -- bento4
*An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read.2018-07-10not yet calculatedCVE-2018-13846
MISCbmc -- intel_product_firmware
*BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS.2018-07-10not yet calculatedCVE-2018-3682
CONFIRMboostnote -- boostnoteBoostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element.2018-07-08not yet calculatedCVE-2018-13433
MISCbootstrap -- bootstrapIn Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.2018-07-13not yet calculatedCVE-2018-14042
MISC
MISC
MISC
MISCbootstrap -- bootstrap
*In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.2018-07-13not yet calculatedCVE-2018-14040
MISC
MISC
MISC
MISCbootstrap -- bootstrap
*In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.2018-07-13not yet calculatedCVE-2018-14041
MISC
MISC
MISC
MISCcatfish -- cms
*Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator).2018-07-12not yet calculatedCVE-2018-13999
MISCcatimg -- catimg
*A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0.2018-07-09not yet calculatedCVE-2018-13794
MISC
ceph-mon -- ceph-mon | A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. | 2018-07-10 | not yet calculated | CVE-2018-10861
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
cephx -- cephx | A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | 2018-07-10 | not yet calculated | CVE-2018-1129
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
cephx -- cephx | It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | 2018-07-10 | not yet calculated | CVE-2018-1128
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
clippercms -- clippercms | ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. | 2018-07-12 | not yet calculated | CVE-2018-13998
MISC
cloud_foundry -- cloud_foundry | Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications is vulnerable to this issue. | 2018-07-11 | not yet calculated | CVE-2016-0708
CONFIRM
cmft -- cmft | An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact. | 2018-07-10 | not yet calculated | CVE-2018-13833
MISC
MISC
codelathe -- filecloud | CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. | 2018-07-13 | not yet calculated | CVE-2016-6578
BID
CERT-VN
codiad -- codiad | Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. | 2018-07-12 | not yet calculated | CVE-2018-14009
MISC
MISC
concrete5 -- concrete5 | A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. | 2018-07-09 | not yet calculated | CVE-2018-13790
MISC
creatiwity -- witycms | CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field. | 2018-07-12 | not yet calculated | CVE-2018-14029
MISC
crestron -- airmedia_am-100_and_am-101_devices | Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2018-07-11 | not yet calculated | CVE-2017-16710
CONFIRM
crestron -- airmedia_am-100_and_am-101_devices | Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allow remote authenticated administrators to execute arbitrary code via unspecified vectors. | 2018-07-11 | not yet calculated | CVE-2017-16709
CONFIRM
crestron -- digital_graphics_engine | The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower is vulnerable to command injection that can be used to gain root-level access. | 2018-07-10 | not yet calculated | CVE-2018-5553
MISC
CONFIRM
curl -- curl | Curl_smtp_escape_eob in lib/smtp.c in curl before 7.61.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). | 2018-07-11 | not yet calculated | CVE-2018-0500
SECTRACK
CONFIRM
CONFIRM
UBUNTU
d-link_systems -- dir_routers | Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. | 2018-07-13 | not yet calculated | CVE-2016-6563
FULLDISC
BID
EXPLOIT-DB
CERT-VN
dolibarr -- dolibarr | SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. | 2018-07-08 | not yet calculated | CVE-2018-13448
MISC
dolibarr -- dolibarr | SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. | 2018-07-08 | not yet calculated | CVE-2018-13449
MISC
dolibarr -- dolibarr | SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | 2018-07-08 | not yet calculated | CVE-2018-13447
MISC
dolibarr -- dolibarr | SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. | 2018-07-08 | not yet calculated | CVE-2018-13450
MISC
doorkeeper -- doorkeeper | Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry. | 2018-07-13 | not yet calculated | CVE-2018-1000211
CONFIRM
CONFIRM
dspace -- dspace | The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI. | 2018-07-10 | not yet calculated | CVE-2016-10726
MISC
MISC
MISC
eaton -- 9000x_drivea | Eaton 9000X DriveA versions 2.0.29 and prior have a stack-based buffer overflow vulnerability, which may allow remote code execution. | 2018-07-13 | not yet calculated | CVE-2018-8847
MISC
BID
MISC
eclipse -- vert.x | In versions 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet. | 2018-07-12 | not yet calculated | CVE-2018-12540
CONFIRM
elo -- eloenterprise_and_eloprofessional | There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET parameter. For example, one can succeed in reading the password hash of the administrator user in the "userdata" table from the "eloam" database. | 2018-07-11 | not yet calculated | CVE-2018-10197
FULLDISC
eosio/eos -- eosio/eos | EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in an attack on an eos network node. This attack appears to be exploitable via network request. This vulnerability appears to have been fixed after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d. | 2018-07-09 | not yet calculated | CVE-2018-1000618
CONFIRM
epubcheck -- epubcheck | EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities. | 2018-07-13 | not yet calculated | CVE-2016-9487
CERT-VN
BID
eran_hammer -- cryptiles | Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method that can result in an attacker being more likely to be able to brute force something that was supposed to be random. Whether this attack is exploitable depends upon the calling application. This vulnerability appears to have been fixed in 4.1.2. | 2018-07-09 | not yet calculated | CVE-2018-1000620
CONFIRM
ethereum -- ablgenesistoken | The mintToken function of a smart contract implementation for ABLGenesisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13741
MISC
MISC
ethereum -- airdroppercryptics_token | The mintToken function of a smart contract implementation for AirdropperCryptics, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13623
MISC
MISC
ethereum -- aluxtoken | The mintToken function of a smart contract implementation for ALUXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13533
MISC
MISC
ethereum -- aman_token | The mintToken function of a smart contract implementation for aman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13515
MISC
MISC
ethereum -- amtoken | The mintToken function of a smart contract implementation for AMToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13600
MISC
MISC
ethereum -- anovabace_token | The mintToken function of a smart contract implementation for AnovaBace, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13737
MISC
MISC
ethereum -- antoken | The mintToken function of a smart contract implementation for Antoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13720
MISC
MISC
ethereum -- app_token | The mintToken function of a smart contract implementation for APP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13661
MISC
MISC
ethereum -- appletoken | The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13776
MISC
MISC
ethereum -- archain_token | The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13606
MISC
MISC
ethereum -- archercoin_token | The mintToken function of a smart contract implementation for archercoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13608
MISC
MISC
ethereum -- azttoken | The mintToken function of a smart contract implementation for AZTToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13734
MISC
MISC
ethereum -- bcaas_token | The mintToken function of a smart contract implementation for BCaaS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13665
MISC
MISC
ethereum -- bcxss_token | The mintToken function of a smart contract implementation for Bcxss, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13539
MISC
MISC
ethereum -- betterthanadrien_token | The mintToken function of a smart contract implementation for BetterThanAdrien, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13529
MISC
MISC
ethereum -- beyondcashtoken | The mintToken function of a smart contract implementation for BeyondCashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13471
MISC
MISC
ethereum -- bgamecoin_token | The mintToken function of a smart contract implementation for Bgamecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13551
MISC
MISC
ethereum -- bgc_token | The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13648
MISC
MISC
ethereum -- bigcadvancedtoken | The mintToken function of a smart contract implementation for BIGCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13759
MISC
MISC
ethereum -- billionrewardstoken | The mint function of a smart contract implementation for BillionRewardsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13660
MISC
MISC
ethereum -- biqutoken | The mintToken function of a smart contract implementation for BiquToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13764
MISC
MISC
ethereum -- bitcoinagiletoken | The mintToken function of a smart contract implementation for BitcoinAgileToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13485
MISC
MISC
ethereum -- bitedutoken | The mintToken function of a smart contract implementation for BiteduToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13719
MISC
MISC
ethereum -- bitmaxertoken | The mintToken function of a smart contract implementation for BitmaxerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13650
MISC
MISC
ethereum -- bitpark_token | The mintToken function of a smart contract implementation for Bitpark, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13638
MISC
MISC
ethereum -- bitstarti_token | The mintToken function of a smart contract implementation for Bitstarti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13774
MISC
MISC
ethereum -- bitstore_token | The mintToken function of a smart contract implementation for BitStore, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13595
MISC
MISC
ethereum -- bmvcoin_token | The mintToken function of a smart contract implementation for BMVCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13562
MISC
MISC
ethereum -- bpstoken | The mintToken function of a smart contract implementation for BpsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13715
MISC
MISC
ethereum -- briancoin_token | The mintToken function of a smart contract implementation for BrianCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13659
MISC
MISC
ethereum -- briant2token | The mintToken function of a smart contract implementation for Briant2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13603
MISC
MISC
ethereum -- bsctoken | The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13663
MISC
MISC
ethereum -- btpcoin_token | The mintToken function of a smart contract implementation for BTPCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13668
MISC
MISC
ethereum -- buyertoken | The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13470
MISC
MISC
ethereum -- buytoken | The mintToken function of a smart contract implementation for Order (ETH) (Contract Name: BuyToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13708
MISC
MISC
ethereum -- c3_token | The mintToken function of a smart contract implementation for C3 Token (C3), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13517
MISC
MISC
ethereum -- captoz_token | The mintToken function of a smart contract implementation for CAPTOZ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13617
MISC
MISC
ethereum -- cardfactory_token | The mintToken function of a smart contract implementation for CardFactory, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13594
MISC
MISC
ethereum -- cardtoken | The mintToken function of a smart contract implementation for CardToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13593
MISC
MISC
ethereum -- carrot_token | The mintToken function of a smart contract implementation for Carrot, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13491
MISC
MISC
ethereum -- cartoken | The mintToken function of a smart contract implementation for CarToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13748
MISC
MISC
ethereum -- cavecoin_token | The mintToken function of a smart contract implementation for Cavecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13468
MISC
MISC
ethereum -- cbrtoken | The mintToken function of a smart contract implementation for CBRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13484
MISC
MISC
ethereum -- ccash_token | The mintToken function of a smart contract implementation for CCASH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13546
MISC
MISC
ethereum -- cdcurrency_token | The mintToken function of a smart contract implementation for CDcurrency, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13611
MISC
MISC
ethereum -- cerb_coin_token | The mintToken function of a smart contract implementation for CERB_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13703
MISC
MISC
ethereum -- cgctoken | The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13778
MISC
MISC
ethereum -- cherrycoin_token | The mintToken function of a smart contract implementation for CHERRYCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13585
MISC
MISC
ethereum -- cherrycoinfoundation_token | The mintToken function of a smart contract implementation for CherryCoinFoundation, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13756
MISC
MISC
ethereum -- cikkacoin_token | The mintToken function of a smart contract implementation for CikkaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13637
MISC
MISC
ethereum -- cjxtoken | The mintToken function of a smart contract implementation for CJXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13689
MISC
MISC
ethereum -- cloutoken | The mint function of a smart contract implementation for CloutToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13472
MISC
MISC
ethereum -- cm_token | The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13714
MISC
MISC
ethereum -- co2bit_token | The mintToken function of a smart contract implementation for Co2Bit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13565
MISC
MISC
ethereum -- cobtoken | The mintToken function of a smart contract implementation for COBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13497
MISC
MISC
ethereum -- code47_token | The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13588
MISC
MISC
ethereum -- coinquer_token | The mintToken function of a smart contract implementation for Coinquer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13757
MISC
MISC
ethereum -- combilladvancedtoken | The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13674
MISC
MISC
ethereum -- con0217_token | The mintToken function of a smart contract implementation for CON0217, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13613
MISC
MISC
ethereum -- coquinho_coin_token | The mintToken function of a smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13550
MISC
MISC
ethereum -- corellicoin_token | The mintToken function of a smart contract implementation for CorelliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13511
MISC
MISC
ethereum -- cornerstone_token | The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13767
MISC
MISC
ethereum -- cosmotokenerc20_token | The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13556
MISC
MISC
ethereum -- crimsonshilling_token | The mintToken function of a smart contract implementation for CrimsonShilling, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13629
MISC
MISC
ethereum -- crowdnext_token | The mintToken function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13744
MISC
MISC
ethereum -- crowdsale_token | The mintToken function of a smart contract implementation for Crowdsale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13499
MISC
MISC
ethereum -- crypto_alley_shares_token | The mintToken function of a smart contract implementation for Crypto Alley Shares (CAST), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13488
MISC
MISC
ethereum -- cryptoleu_token | The mintToken function of a smart contract implementation for CryptoLeu, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13541
MISC
MISC
ethereum -- cryptosistoken | The mintToken function of a smart contract implementation for CryptosisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13754
MISC
MISC
ethereum -- crystals_token | The mintToken function of a smart contract implementation for Crystals, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13466
MISC
MISC
ethereum -- csatoken | The mintToken function of a smart contract implementation for CSAToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13609
MISC
MISC
ethereum -- ctesale_token | The mintToken function of a smart contract implementation for CTESale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13477
MISC
MISC
ethereum -- ctest7_token | The mint function of a smart contract implementation for CTest7, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13695
MISC
MISC
ethereum -- cws_token | The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13664
MISC
MISCethereum -- daddytokenThe mintToken function of a smart contract implementation for DaddyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13493
MISC
MISCethereum -- databits_tokenThe mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13711
MISC
MISCethereum -- datashieldcoin_tokenThe mintToken function of a smart contract implementation for DataShieldCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13574
MISC
MISCethereum -- datiac_tokenThe mintToken function of a smart contract implementation for Datiac, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13646
MISC
MISCethereum -- dectokenThe mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13587
MISC
MISCethereum -- deploy_tokenThe mintToken function of a smart contract implementation for Deploy, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13649
MISC
MISCethereum -- destineed_tokenThe mintToken function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13699
MISC
MISCethereum -- deweisecurityservicetokenThe mintToken function of a smart contract implementation for DeWeiSecurityServiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13753
MISC
MISCethereum -- dhacoin_tokenThe mintToken function of a smart contract implementation for DhaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13528
MISC MISC
ethereum -- digitalcloudtoken | The mint function of a smart contract implementation for DigitalCloudToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13519
MISC MISC
ethereum -- dinsteincoin_token | The mintToken function of a smart contract implementation for DinsteinCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13671
MISC MISC
ethereum -- dmptoken | The mintToken function of a smart contract implementation for DMPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13478
MISC MISC
ethereum -- doccoin_token | The mintToken function of a smart contract implementation for doccoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13631
MISC MISC
ethereum -- doccoinpreico_token | The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13630
MISC MISC
ethereum -- dopnetwork_token | The mintToken function of a smart contract implementation for dopnetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13739
MISC MISC
ethereum -- eastcoin_token | The mintToken function of a smart contract implementation for Eastcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13727
MISC MISC
ethereum -- easticoin_token | The mintToken function of a smart contract implementation for Easticoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13766
MISC MISC
ethereum -- ecogreenhouse_token | The mintToken function of a smart contract implementation for ecogreenhouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13505
MISC MISC
ethereum -- eddtoken | The mintToken function of a smart contract implementation for eddToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13704
MISC MISC
ethereum -- elearningcoinerc_token | The mintToken function of a smart contract implementation for ELearningCoinERC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13736
MISC MISC
ethereum -- elevatecoin_token | The mintToken function of a smart contract implementation for ElevateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13527
MISC MISC
ethereum -- enter_token | The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13735
MISC MISC
ethereum -- entercoin_token | The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13782
MISC MISC
ethereum -- epiphanycoin_token | The mintToken function of a smart contract implementation for EpiphanyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13467
MISC MISC
ethereum -- erc20_ico_token | The mintToken function of a smart contract implementation for ERC20_ICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13536
MISC MISC
ethereum -- eristicaico_token | The mintToken function of a smart contract implementation for EristicaICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13666
MISC MISC
ethereum -- escut_token | The mintToken function of a smart contract implementation for Escut (ESCT) (Contract Name: JuntsPerCreixer), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13576
MISC MISC
ethereum -- esh_token | The mintToken function of a smart contract implementation for ESH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13780
MISC MISC
ethereum -- esportz_token | The mintToken function of a smart contract implementation for esportz, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13514
MISC MISC
ethereum -- essence_token | The mintToken function of a smart contract implementation for Essence, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13702
MISC MISC
ethereum -- eststoken | The mintToken function of a smart contract implementation for ESTSToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13654
MISC MISC
ethereum -- eth033_token | The mintToken function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13561
MISC MISC
ethereum -- ethercash_token | The mintToken function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13482
MISC MISC
ethereum -- ethereumlegit_token | The mintToken function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13537
MISC MISC
ethereum -- ethereumsmart_token | The mintToken function of a smart contract implementation for EthereumSmart, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13640
MISC MISC
ethereum -- exacorecontract_token | The mintToken function of a smart contract implementation for ExacoreContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13771
MISC MISC
ethereum -- exgroup_token | The mintToken function of a smart contract implementation for EXGROUP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13522
MISC MISC
ethereum -- exsulcoin_token | The mintToken function of a smart contract implementation for exsulcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13683
MISC MISC
ethereum -- extremetoken | The mintToken function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13605
MISC MISC
ethereum -- fanschaintoken | The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13474
MISC MISC
ethereum -- film_token | The mintToken function of a smart contract implementation for FILM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13490
MISC MISC
ethereum -- finaltoken | The mintToken function of a smart contract implementation for FinalToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13749
MISC MISC
ethereum -- fiocoin_token | The mintToken function of a smart contract implementation for Fiocoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13645
MISC MISC
ethereum -- flow_token | The mintToken function of a smart contract implementation for Flow, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13525
MISC MISC
ethereum -- forevercoin_token | The mintToken function of a smart contract implementation for ForeverCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13579
MISC MISC
ethereum -- futurxe_token | The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13718
MISC MISC
ethereum -- galacticx_token | The mintToken function of a smart contract implementation for GalacticX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13601
MISC MISC
ethereum -- galaxycoin_token | The mintToken function of a smart contract implementation for GalaxyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13578
MISC MISC
ethereum -- gatcoin_token | The mintToken function of a smart contract implementation for GATcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13564
MISC MISC
ethereum -- gcrtokenerc210_token | The mintToken function of a smart contract implementation for GCRTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13643
MISC MISC
ethereum -- gemstonetoken | The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13543
MISC MISC
ethereum -- gfc_token | The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13655
MISC MISC
ethereum -- gfcb_token | The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13670
MISC MISC
ethereum -- globalsupergametoken | The mintToken function of a smart contract implementation for GlobalSuperGameToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13725
MISC MISC
ethereum -- globecoin_token | An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance. | 2018-07-12 | not yet calculated | CVE-2018-14004
MISC MISC
ethereum -- gmile_token | The mintToken function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13694
MISC MISC
ethereum -- goldtokenerc20_token | The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13673
MISC MISC
ethereum -- gomineworld_token | The mintToken function of a smart contract implementation for GoMineWorld, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13721
MISC MISC
ethereum -- goochain_token | The mintToken function of a smart contract implementation for Goochain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13677
MISC MISC
ethereum -- goramcoin_token | The mintToken function of a smart contract implementation for GoramCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13571
MISC MISC
ethereum -- greenenergytoken | The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13693
MISC MISC
ethereum -- gsi_token | The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13540
MISC MISC
ethereum -- hashshield_token | The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13545
MISC MISC
ethereum -- hbcm_token | The mintToken function of a smart contract implementation for HBCM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13635
MISC MISC
ethereum -- heliumnetwork_token | The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13502
MISC MISC
ethereum -- help_token | The mintToken function of a smart contract implementation for HELP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13486
MISC MISC
ethereum -- hey_token | The mintToken function of a smart contract implementation for HEY, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13730
MISC MISC
ethereum -- hittoken | The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13569
MISC MISC
ethereum -- hormitechtoken | The mintToken function of a smart contract implementation for HormitechToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13717
MISC MISC
ethereum -- hrwtoken | The mintToken function of a smart contract implementation for HRWtoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13501
MISC MISC
ethereum -- huntercoin_token | The mintToken function of a smart contract implementation for HunterCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13530
MISC MISC
ethereum -- hyipcrowdsale1_token | The mint function of a smart contract implementation for HYIPCrowdsale1, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13724
MISC MISC
ethereum -- hyiptoken | The mint function of a smart contract implementation for HYIPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13722
MISC MISC
ethereum -- iamrich_token | The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13509
MISC MISC
ethereum -- ico_dollar_token | The mintToken function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13686
MISC MISC
ethereum -- icocontract_token | The mintToken function of a smart contract implementation for IcoContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13469
MISC MISC
ethereum -- ideacoin_token | The mintToken function of a smart contract implementation for IdeaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13706
MISC MISC
ethereum -- instacocoa_token | The mintToken function of a smart contract implementation for Instacocoa, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13690
MISC MISC
ethereum -- ioct_coin_token | The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13616
MISC MISC
ethereum -- ipmcoin_token | The mintToken function of a smart contract implementation for IPMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13700
MISC MISC
ethereum -- ipshoots_token | The mintToken function of a smart contract implementation for ipshoots, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13653
MISC MISC
ethereum -- iseevoicetoken | The mintToken function of a smart contract implementation for ISeeVoiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13726
MISC MISC
ethereum -- jaxbox_token | The mintToken function of a smart contract implementation for JaxBox, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13555
MISC MISC
ethereum -- jeanstoken | The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13769
MISC MISC
ethereum -- jiucaitoken | The mintToken function of a smart contract implementation for JiucaiToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13783
MISC MISC
ethereum -- jixocoin_token | The mintToken function of a smart contract implementation for JixoCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13728
MISC MISC
ethereum -- jpmd100b_token | The mintToken function of a smart contract implementation for JPMD100B, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13729
MISC MISC
ethereum -- justwallet_token | The mintToken function of a smart contract implementation for JustWallet, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13751
MISC MISC
ethereum -- kapaycoin_token | The mintToken function of a smart contract implementation for KAPAYcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13498
MISC MISC
ethereum -- kapcoin_token | The mintToken function of a smart contract implementation for KAPcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13591
MISC MISC
ethereum -- kbit_token | The mintToken function of a smart contract implementation for kBit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13746
MISC MISC
ethereum -- kelvintoken | The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13560
MISC MISC
ethereum -- kissme_token | The mintToken function of a smart contract implementation for KissMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13701
MISC MISC
ethereum -- kktestcoin1_token | The mint function of a smart contract implementation for kkTestCoin1 (KTC1), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13570
MISC MISC
ethereum -- kmctoken | The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13495
MISC MISC
ethereum -- krown_token | The mintlvlToken function of a smart contract implementation for Krown, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13625
MISC MISC
ethereum -- landcoin_token | The mintToken function of a smart contract implementation for LandCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13765
MISC MISC
ethereum -- lexittoken | The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13680
MISC MISC
ethereum -- lolicoin_token | The mintToken function of a smart contract implementation for LoliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13758
MISC MISC
ethereum -- lottery_token | The mintToken function of a smart contract implementation for Lottery, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13678
MISC MISC
ethereum -- malaysia_coins_token | An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance. | 2018-07-12 | not yet calculated | CVE-2018-14005
MISC MISC
ethereum -- malltoken | The mintToken function of a smart contract implementation for MallToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13688
MISC MISC
ethereum -- martcoin_token | The mintToken function of a smart contract implementation for Martcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13633
MISC MISC
ethereum -- mavcash_token | The mintToken function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13614
MISC MISC
ethereum -- maxhouse_token | The mintToken function of a smart contract implementation for MaxHouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13531
MISC MISC
ethereum -- mediacubetoken | The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13634
MISC MISC
ethereum -- medicayunlink_token | The mintToken function of a smart contract implementation for MedicayunLink, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13610
MISC MISC
ethereum -- mehditazitoken | The mintToken function of a smart contract implementation for MehdiTAZIToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13692
MISC MISC
ethereum -- micoinnetworktoken | The mintToken function of a smart contract implementation for MicoinNetworkToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13651
MISC MISC
ethereum -- micointoken | The mintToken function of a smart contract implementation for MicoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13619
MISC MISC
ethereum -- micro_btc_token | The mintToken function of a smart contract implementation for Micro BTC (MBTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13553
MISC MISC
ethereum -- mimicoin_token | The mintToken function of a smart contract implementation for Mimicoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13548
MISC MISC
ethereum -- mindexcoin_token | The mintToken function of a smart contract implementation for Mindexcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13532
MISC MISC
ethereum -- miningtoken | The mint function of a smart contract implementation for MiningToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13602
MISC MISC
ethereum -- mjctoken | The mintToken function of a smart contract implementation for MJCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13615
MISC MISC
ethereum -- mjolnir_token | The mintToken function of a smart contract implementation for Mjolnir, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13710
MISC MISC
ethereum -- mkethtoken | The mintToken function of a smart contract implementation for mkethToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13483
MISC MISC
ethereum -- mktcoin_token | The mintToken function of a smart contract implementation for MktCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13568
MISC MISC
ethereum -- mmcoin_token | The mintToken function of a smart contract implementation for MMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13504
MISC
MISCethereum -- momentumtokenThe mintToken function of a smart contract implementation for MomentumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13628
MISC
MISCethereum -- moneychainnet_tokenThe mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13760
MISC
MISCethereum -- moneytree_tokenThe mintToken function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13554
MISC
MISCethereum -- mooadvtokenThe mintToken function of a smart contract implementation for MooAdvToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13589
MISC
MISCethereum -- moontokenThe mintToken function of a smart contract implementation for MoonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13462
MISC
MISCethereum -- mp3_coin_tokenAn integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.2018-07-12not yet calculatedCVE-2018-14002
MISC
MISCethereum -- msxadvanced_tokenThe mintToken function of a smart contract implementation for MSXAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13500
MISC
MISCethereum -- mvgcoin_tokenThe mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13641
MISC
MISCethereum -- my2tokenThe mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13582
MISC
MISCethereum -- myoffer_tokenThe mintToken function of a smart contract implementation for MyOffer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13627
MISC
MISCethereum -- myylc_tokenThe mintToken function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13781
MISC
MISCethereum -- naga_tokenThe mintToken function of a smart contract implementation for naga, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13492
MISC
MISCethereum -- ncu_tokenThe mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13669
MISC
MISCethereum -- nectar_tokenThe mintToken function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13586
MISC
MISCethereum -- neo_genesis_tokenAn integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.2018-07-12not yet calculatedCVE-2018-14006
MISC
MISCethereum -- netkilleradvancedtokenairdrop_tokenThe mintToken function of a smart contract implementation for NetkillerAdvancedTokenAirDrop, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13761
MISC
MISCethereum -- netkillertokenThe mintToken function of a smart contract implementation for Enterprise Token Ecosystem (ETE) (Contract Name: NetkillerToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13773
MISC
MISCethereum -- neurotokenThe mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13549
MISC
MISCethereum -- nexpara_tokenThe mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13632
MISC
ethereum -- normikaivo_token | The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13687
ethereum -- numisma_token | The mintToken function of a smart contract implementation for Numisma, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13544
ethereum -- objecttoken | The mintToken function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13622
ethereum -- obtcoin_token | The mintToken function of a smart contract implementation for OBTCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13672
ethereum -- ohni_2_token | The mintToken function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13473
ethereum -- olliscoin_token | The mintToken function of a smart contract implementation for OllisCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13489
ethereum -- onechain_token | The mintToken function of a smart contract implementation for OneChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13740
ethereum -- orderbook_presale_token | The mintToken function of a smart contract implementation for Orderbook Presale Token (OBP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13676
ethereum -- otakutoken | The mintToken function of a smart contract implementation for OTAKUToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13755
ethereum -- paccoin_token | The mintToken function of a smart contract implementation for PACCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13535
ethereum -- paulycoin_token | The mintToken function of a smart contract implementation for PaulyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13465
ethereum -- pelocointoken | The mintToken function of a smart contract implementation for PELOCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13738
ethereum -- pgm_coin_token | The mintToken function of a smart contract implementation for PGM_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13572
ethereum -- philcoin_token | The mintToken function of a smart contract implementation for PhilCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13476
ethereum -- pinkytoken | The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13521
ethereum -- platotoken | The mintToken function of a smart contract implementation for PlatoToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13487
ethereum -- play2livepromo_token | The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13698
ethereum -- pmet_token | The mintToken function of a smart contract implementation for PMET, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13712
ethereum -- pmhtoken | The mintToken function of a smart contract implementation for PMHToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13705
ethereum -- porncoin_token | The mintToken function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13524
ethereum -- projectj_token | The mintToken function of a smart contract implementation for ProjectJ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13733
ethereum -- providence_crypto_casino_token | The mintToken function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13547
ethereum -- providencecasino_token | The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13580
ethereum -- qrg_token | The mintToken function of a smart contract implementation for QRG, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13480
ethereum -- rajtest_token | The mintToken function of a smart contract implementation for RajTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13592
ethereum -- rajtestico_token | The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13496
ethereum -- rckt_coin_token | The mintToken function of a smart contract implementation for RCKT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13775
ethereum -- redticket_token | The mintToken function of a smart contract implementation for RedTicket, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13696
ethereum -- remicoin_token | A wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks. | 2018-07-10 | not yet calculated | CVE-2018-12230
ethereum -- residualshare_token | The mintToken function of a smart contract implementation for ResidualShare, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13607
ethereum -- residualvalue_token | The mintToken function of a smart contract implementation for ResidualValue, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13599
ethereum -- retntoken | The mintToken function of a smart contract implementation for RETNToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13566
ethereum -- rhovit_token | The mintToken function of a smart contract implementation for rhovit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13558
ethereum -- rice_token | The mintToken function of a smart contract implementation for Rice, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13657
ethereum -- richiumtoken | The mintToken function of a smart contract implementation for RichiumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13750
ethereum -- riptidecoin_token | The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13732
ethereum -- robincoin_token | The mintToken function of a smart contract implementation for Robincoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13612
ethereum -- robotbtc_token | The mintToken function of a smart contract implementation for RobotBTC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13697
ethereum -- rocket_coin_token | An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance. | 2018-07-12 | not yet calculated | CVE-2018-13836
ethereum -- royalclassiccoin_token | The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13644
ethereum -- rrtoken | The mintToken function of a smart contract implementation for RRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13777
ethereum -- rtokenmain_token | The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13691
ethereum -- sample_token | The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13656
ethereum -- sdr22_token | The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13506
ethereum -- sdr_token | The mintToken function of a smart contract implementation for SDR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13567
ethereum -- secoin_token | The mintToken function of a smart contract implementation for SECoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13642
ethereum -- semaintoken | The mintToken function of a smart contract implementation for SemainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13626
ethereum -- sendme_token | The mintToken function of a smart contract implementation for SendMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13598
ethereum -- sexhdsolo_token | The mintToken function of a smart contract implementation for sexhdsolo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13716
ethereum -- sharktech_token | An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance. | 2018-07-12 | not yet calculated | CVE-2018-14001
ethereum -- shitcoin_token | The mintToken function of a smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13577
ethereum -- shmoo_token | The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13583
ethereum -- sipcoin_token | The mintToken function of a smart contract implementation for SIPCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13590
ethereum -- sipctoken | The mintToken function of a smart contract implementation for SIPCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13538
ethereum -- slcadvancedtoken | The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13507
ethereum -- slidebitstoken | The mintToken function of a smart contract implementation for SlidebitsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13479
ethereum -- smart_contract_implementation_for_tickets_token | The mintToken function of a smart contract implementation for tickets (TKT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13742
ethereum -- smarthomecoin_token | The mintToken function of a smart contract implementation for SmartHomeCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13512
ethereum -- smartpayment_token | The mintToken function of a smart contract implementation for SmartPayment, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13523
ethereum -- soscoin_token | The mintToken function of a smart contract implementation for SOSCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13681
ethereum -- soundtribetoken | The mintToken function of a smart contract implementation for SoundTribeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13621
ethereum -- south_park_token | The mintToken function of a smart contract implementation for South Park Token Token (SPTKN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13503
ethereum -- speedcashlite_token | The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13534
ethereum -- stctoken | The mintToken function of a smart contract implementation for STCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13745
ethereum -- super_cool_awesome_money_token | The mintToken function of a smart contract implementation for Super Cool Awesome Money (SCAM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13516
ethereum -- superenergy_token | The mintToken function of a smart contract implementation for SuperEnergy (SEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13743
ethereum -- susantokenerc20_token | The mintToken function of a smart contract implementation for SusanTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13494
ethereum -- t-swap-token | The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13463
ethereum -- t_swap_token | The mintToken function of a smart contract implementation for t_swap, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13464
ethereum -- tcash_token | The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13518
ethereum -- testahihi_token | The mintToken function of a smart contract implementation for TESTAhihi, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13596
ethereum -- testcoin_token | The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13597
ethereum -- theflashtoken | The mintToken function of a smart contract implementation for TheFlashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13772
ethereum -- thegodgital_token | The mintToken function of a smart contract implementation for TheGoDgital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13658
ethereum -- thegodigital_token | The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13652
ethereum -- thread_token | The mintToken function of a smart contract implementation for Thread, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13752
ethereum -- tokenmachu_token | The mintToken function of a smart contract implementation for TokenMACHU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13731
ethereum -- topscoinadvanced_token | The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13520
ethereum -- trabet_coin_preico_token | The mintToken function of a smart contract implementation for Trabet_Coin_PreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13552
ethereum -- trabet_coin_token | The mintToken function of a smart contract implementation for Trabet_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13557
ethereum -- tradesman_token | The mintToken function of a smart contract implementation for Tradesman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13713
ethereum -- travelcoin_token | The mintToken function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13581
ethereum -- tripcash_token | The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13620
ethereum -- trippay_token | The mintToken function of a smart contract implementation for TripPay, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13573
ethereum -- trium_token | The mintToken function of a smart contract implementation for TRIUM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13481
ethereum -- truegoldcointoken | The mintToken function of a smart contract implementation for TrueGoldCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13647
ethereum -- tube_token | The mintToken function of a smart contract implementation for Tube, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13709
ethereum -- turdcoin_token | The mintToken function of a smart contract implementation for TurdCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13636
ethereum -- ubiou_token | The mintToken function of a smart contract implementation for Ubiou, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13513
ethereum -- ublasti_token | The mintToken function of a smart contract implementation for Ublasti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13763
ethereum -- ultimatecoin_token | The mintToken function of a smart contract implementation for UltimateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13770
ethereum -- upaytoken | The mintToken function of a smart contract implementation for UPayToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13563
ethereum -- utbtokentest_token | The mintToken function of a smart contract implementation for UTBTokenTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13667
ethereum -- utct_token | The mintToken function of a smart contract implementation for UTCT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13559
ethereum -- vanminhcoin_token | The mintToken function of a smart contract implementation for VanMinhCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13747
ethereum -- vicetoken_ico_is_a_scam_token | The mintToken function of a smart contract implementation for VICETOKEN_ICO_IS_A_SCAM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13618
ethereum -- virtual_energy_units_token | The mintToken function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13639
ethereum -- vitemoneycoin_token | The mintToken function of a smart contract implementation for ViteMoneyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13682
ethereum -- vittoken | The mintToken function of a smart contract implementation for VITToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 2018-07-09 | not yet calculated | CVE-2018-13508
MISC
MISCethereum -- vornox_tokenThe mintToken function of a smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-09not yet calculatedCVE-2018-13685
MISC
MISC

ethereum -- vsctoken
The mintToken function of a smart contract implementation for VSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13475
MISC
MISC

ethereum -- wangwangtoken
The mintToken function of a smart contract implementation for WangWangToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13526
MISC
MISC

ethereum -- welfare_token_fund_token
The mintToken function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13510
MISC
MISC

ethereum -- wellieat_token
The mintToken function of a smart contract implementation for wellieat, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13604
MISC
MISC

ethereum -- wemediachain_token
An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.
2018-07-12 | not yet calculated | CVE-2018-14003
MISC
MISC

ethereum -- worldopctionchain_token
The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13662
MISC
MISC

ethereum -- wxsltoken
The mintToken function of a smart contract implementation for WXSLToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13624
MISC
MISC

ethereum -- yambyo_token
The mintToken function of a smart contract implementation for YAMBYO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13675
MISC
MISC

ethereum -- yasudem_token
The mintToken function of a smart contract implementation for yasudem, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13584
MISC
MISC

ethereum -- yestoken
The mintToken function of a smart contract implementation for YESToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13575
MISC
MISC

ethereum -- ylctoken
The mintToken function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13779
MISC
MISC

ethereum -- yss_token
The mintToken function of a smart contract implementation for YSS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13707
MISC
MISC

ethereum -- yumerium_token
The mintToken function of a smart contract implementation for Yumerium, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13762
MISC
MISC

ethereum -- zibtoken
The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13542
MISC
MISC

ethereum -- zip_token
The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13684
MISC
MISC

ethereum -- zpecoin_token
The mintToken function of a smart contract implementation for ZPEcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13679
MISC
MISC

ethereum -- ztoken
The mintToken function of a smart contract implementation for ZToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
2018-07-09 | not yet calculated | CVE-2018-13768
MISC
MISC

exiv2 -- exiv2
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.
2018-07-13 | not yet calculated | CVE-2018-14046
MISC

f5 -- big-ip
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service.
2018-07-12 | not yet calculated | CVE-2018-5529
BID
CONFIRM

firebase -- firebase
The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter.
2018-07-10 | not yet calculated | CVE-2018-13850
MISC

forescout -- counteract
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible to overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property.
2018-07-13 | not yet calculated | CVE-2016-9486
BID
CERT-VN

forescout -- counteract
On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account.
2018-07-13 | not yet calculated | CVE-2016-9485
BID
CERT-VN

fortify -- software_security_center
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
2018-07-12 | not yet calculated | CVE-2018-12463
CONFIRM

foscam -- cameras
Stack-based buffer overflow in the getSWFlag function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to cause a denial of service (crash and reboot), via the callbackJson parameter.
2018-07-09 | not yet calculated | CVE-2018-6832
MISC
CONFIRM

foscam -- cameras
Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component.
2018-07-09 | not yet calculated | CVE-2018-6830
MISC
CONFIRM

foscam -- cameras
The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote authenticated users to execute arbitrary commands via a ';' in the ntpServer argument. NOTE: this issue exists because of an incomplete fix for CVE-2017-2849.
2018-07-09 | not yet calculated | CVE-2018-6831
MISC
CONFIRM

freebsd -- freebsd
Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37.
2018-07-13 | not yet calculated | CVE-2016-6559
SECTRACK
FREEBSD
CERT-VN
BID

freesshd -- freesshd
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to log in to an unprivileged account on the server.
2018-07-10 | not yet calculated | CVE-2018-9853
MISC

g_data -- total_security
The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument.
2018-07-13 | not yet calculated | CVE-2018-10018
FULLDISC

genann -- genann
Genann through 2018-07-08 has a SEGV in genann_run in genann.c.
2018-07-12 | not yet calculated | CVE-2018-13997
MISC

genann -- genann
Genann through 2018-07-08 has a stack-based buffer over-read in genann_train in genann.c.
2018-07-12 | not yet calculated | CVE-2018-13996
MISC

gigabyte -- brix_platform
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
2018-07-09 | not yet calculated | CVE-2017-3198
BID
MISC
CERT-VN

gigabyte -- brix_platform
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.
2018-07-09 | not yet calculated | CVE-2017-3197
BID
MISC
MISC
MISC
CERT-VN

gravity -- gravity
Gravity before 0.5.1 does not support a maximum recursion depth.
2018-07-09 | not yet calculated | CVE-2018-13795
MISC

green_packet -- dx-350
Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.
2018-07-13 | not yet calculated | CVE-2016-6552
CERT-VN
BID

grundig -- smart_inter@ctive_tv_devices
Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.
2018-07-11 | not yet calculated | CVE-2018-13989
MISC
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.
2018-07-10 | not yet calculated | CVE-2018-13870
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c.
2018-07-10 | not yet calculated | CVE-2018-13868
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.
2018-07-10 | not yet calculated | CVE-2018-13876
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.
2018-07-10 | not yet calculated | CVE-2018-13871
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c.
2018-07-10 | not yet calculated | CVE-2018-13873
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c.
2018-07-10 | not yet calculated | CVE-2018-13866
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c, related to HDmemcpy.
2018-07-12 | not yet calculated | CVE-2018-14032
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c.
2018-07-10 | not yet calculated | CVE-2018-13867
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.
2018-07-12 | not yet calculated | CVE-2018-14035
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.
2018-07-12 | not yet calculated | CVE-2018-14034
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.
2018-07-10 | not yet calculated | CVE-2018-13872
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.
2018-07-10 | not yet calculated | CVE-2018-13875
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.
2018-07-10 | not yet calculated | CVE-2018-13869
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.
2018-07-10 | not yet calculated | CVE-2018-13874
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.
2018-07-12 | not yet calculated | CVE-2018-14033
MISC

hdf -- hdf5
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.
2018-07-12 | not yet calculated | CVE-2018-14031
MISC

htslib -- htslib
An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.
2018-07-10 | not yet calculated | CVE-2018-13845
MISC

htslib -- htslib
An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c.
2018-07-10 | not yet calculated | CVE-2018-13843
MISC

htslib -- htslib
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c.
2018-07-10 | not yet calculated | CVE-2018-13844
MISC

hughes -- satellite_modems
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lack authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.
2018-07-13 | not yet calculated | CVE-2016-9496
CERT-VN
BID

hughes -- satellite_modems
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem.
2018-07-13 | not yet calculated | CVE-2016-9497
CERT-VN
BID

hughes -- satellite_modems
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service.
2018-07-13 | not yet calculated | CVE-2016-9494
CERT-VN
BID

hughes -- satellite_modems
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, use hard-coded credentials. Access to the device's default telnet port (23) can be obtained by using one of a few default credentials shared among all devices.
2018-07-13 | not yet calculated | CVE-2016-9495
CERT-VN
BID

ibm -- api_connect
IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657.
2018-07-09 | not yet calculated | CVE-2018-1548
CONFIRM
BID
XF

ibm -- db2_for_linux_unix_and_windows
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.
2018-07-10 | not yet calculated | CVE-2018-1458
SECTRACK
XF
CONFIRM

ibm -- db2_for_linux_unix_and_windows
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.
2018-07-10 | not yet calculated | CVE-2018-1487
CONFIRM
SECTRACK
XF

ibm -- db2_for_linux_unix_and_windows
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.
2018-07-10 | not yet calculated | CVE-2018-1566
CONFIRM
BID
SECTRACK
XF

ibm -- infosphere_data_replication_dashboard
Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127.
2018-07-09 | not yet calculated | CVE-2013-3001
XF
CONFIRM

ibm -- infosphere_data_replication_dashboard
SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116.
2018-07-09 | not yet calculated | CVE-2013-3000
XF
CONFIRM

ibm -- infosphere_data_replication_dashboard
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 84115.
2018-07-09 | not yet calculated | CVE-2013-2999
XF
CONFIRM

ibm -- inotes
Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383.
2018-07-11 | not yet calculated | CVE-2013-0594
XF
CONFIRM

ibm -- inotes
IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371.
2018-07-11 | not yet calculated | CVE-2013-0589
XF
CONFIRM

ibm -- inotes
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815.
2018-07-11 | not yet calculated | CVE-2013-0592
XF
CONFIRM

ibm -- jazz_foundation
IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026.
2018-07-10 | not yet calculated | CVE-2018-1423
CONFIRM
XF

ibm -- jazz_foundation
IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.
2018-07-10 | not yet calculated | CVE-2018-1492
CONFIRM
XF

ibm -- rational_quality_manager
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141804.
2018-07-10 | not yet calculated | CVE-2018-1523
CONFIRM
XF

ibm -- rational_quality_manager
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137038.
2018-07-10 | not yet calculated | CVE-2017-1793
CONFIRM
XF

ibm -- rational_quality_manager
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137037.
2018-07-10 | not yet calculated | CVE-2017-1792
CONFIRM
XF

ibm -- rational_quality_manager
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 contains an undisclosed vulnerability that would allow an authenticated user to obtain elevated privileges. IBM X-Force ID: 134919.
2018-07-10 | not yet calculated | CVE-2017-1738
CONFIRM
XF

ibm -- rational_quality_manager
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658.
2018-07-10 | not yet calculated | CVE-2018-1549
CONFIRM
XF

ibm -- rational_quality_manager
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137036.
2018-07-10 | not yet calculated | CVE-2017-1791
CONFIRM
XF

ibm -- rational_quality_manager
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138429.
2018-07-10 | not yet calculated | CVE-2018-1396
CONFIRM
XF

ibm -- rational_quality_manager
IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134909.
2018-07-10 | not yet calculated | CVE-2017-1729
CONFIRM
XF

ibm -- rational_team_concert
IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138445.
2018-07-10 | not yet calculated | CVE-2018-1407
XF
CONFIRM

ibm -- rational_team_concert
IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138446.
2018-07-10 | not yet calculated | CVE-2018-1408
XF
CONFIRM

ibm -- rational_team_concert
IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141802.
2018-07-10 | not yet calculated | CVE-2018-1521
XF
CONFIRMibm -- security_identity_governance_and_intelligence_virt ual_applianceIBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 127341.2018-07-13not yet calculatedCVE-2017-1395
CONFIRM
XFibm -- security_identity_governance_and_intelligence_virt ual_applianceIBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126860.2018-07-13not yet calculatedCVE-2017-1367
CONFIRM
XFibm -- system_networking_and_blade_network_technology_swi tchesThe Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166.2018-07-13not yet calculatedCVE-2013-0570
XF
CONFIRM

ibm -- tivoli_application_dependency_discovery_manager
IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353.
2018-07-09 | not yet calculated | CVE-2013-3017
XF
CONFIRM

ibm -- websphere_cast_iron
IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868.
2018-07-11 | not yet calculated | CVE-2013-2972
XF
CONFIRM

ibm -- websphere_portal
IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.
2018-07-11 | not yet calculated | CVE-2013-2951
CONFIRM
XF

idreamsoft -- icms
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.
2018-07-10 | not yet calculated | CVE-2018-13865
MISC

intel -- converged_security_manageability_engine_firmware
Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.
2018-07-10 | not yet calculated | CVE-2018-3628
CONFIRM

intel -- converged_security_manageability_engine_firmware
Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system.
2018-07-10 | not yet calculated | CVE-2018-3632
CONFIRM

intel -- converged_security_manageability_engine_firmware
Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet.
2018-07-10 | not yet calculated | CVE-2018-3629
CONFIRM

intel -- converged_security_management_engine
Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.
2018-07-10 | not yet calculated | CVE-2018-3627
CONFIRM

intel -- multiple_core_processors
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.
2018-07-10 | not yet calculated | CVE-2017-5704
CONFIRM

intel -- multiple_xeon_processors
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.
2018-07-10 | not yet calculated | CVE-2018-3652
CONFIRM

intel -- optane_memory_module
Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access.
2018-07-10 | not yet calculated | CVE-2018-3619
CONFIRM

intel -- processor_diagnostic_tool
Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code.
2018-07-10 | not yet calculated | CVE-2018-3668
CONFIRM

intel -- processor_diagnostic_tool
Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.
2018-07-10 | not yet calculated | CVE-2018-3667
CONFIRM

intel -- quartus_ii
Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
2018-07-10 | not yet calculated | CVE-2018-3687
CONFIRM

intel -- quartus_ii
Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
2018-07-10 | not yet calculated | CVE-2018-3684
CONFIRM

intel -- quartus_prime
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
2018-07-10 | not yet calculated | CVE-2018-3683
CONFIRM

intel -- quartus_prime_programmer_and_tools
Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
2018-07-10 | not yet calculated | CVE-2018-3688
CONFIRM

intellian_technologies -- satellite_tv_t-series_and_v-series_firmware
Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device.
2018-07-13 | not yet calculated | CVE-2016-6551
BID
CERT-VN

itrack -- itrack_easy
A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.
2018-07-13 | not yet calculated | CVE-2016-6543
BID
MISC
CERT-VN

itrack -- itrack_easy
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext.
2018-07-13 | not yet calculated | CVE-2016-6546
BID
MISC
CERT-VN

itrack -- itrack_easy
getgps data in iTrack Easy can be modified without authentication by setting the data using the parameter cmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.
2018-07-13 | not yet calculated | CVE-2016-6544
BID
MISC
CERT-VN

itrack -- itrack_easy
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.
2018-07-13 | not yet calculated | CVE-2016-6545
BID
MISC
CERT-VN

itrack -- itrack_easy
The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.
2018-07-13 | not yet calculated | CVE-2016-6542
BID
MISC
CERT-VN

jenkins -- jenkins
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later.
2018-07-09 | not yet calculated | CVE-2018-1000403
CONFIRM

jenkins -- jenkins
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later.
2018-07-09 | not yet calculated | CVE-2018-1000401
CONFIRM

jenkins -- jenkins
Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later.
2018-07-09 | not yet calculated | CVE-2018-1000404
CONFIRM

jenkins -- jenkins
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later.
2018-07-09 | not yet calculated | CVE-2018-1000402
CONFIRM

jester -- jester
Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences.
2018-07-09 | not yet calculated | CVE-2018-13034
CONFIRM

jfrog -- artifactory
JFrog Artifactory version since 5.11 contains a Cross-site Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1.
2018-07-13 | not yet calculated | CVE-2018-1000206
MISC
CONFIRM
CONFIRM

jfrog -- artifactory
JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. This attack appear to be exploitable via An attacker with Admin privileges may use the aforementioned UI endpoint and exploit the publicly known "Zip Slip" vulnerability, to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3.
2018-07-09 | not yet calculated | CVE-2018-1000623
CONFIRM

juniper_networks -- contrail_service_orchestration
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.
2018-07-11 | not yet calculated | CVE-2018-0041
CONFIRM

juniper_networks -- contrail_service_orchestration
Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana.
2018-07-11 | not yet calculated | CVE-2018-0039
CONFIRM

juniper_networks -- contrail_service_orchestration
Juniper Networks Contrail Service Orchestration versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.
2018-07-11 | not yet calculated | CVE-2018-0040
CONFIRM

juniper_networks -- contrail_service_orchestration
Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.
2018-07-11 | not yet calculated | CVE-2018-0042
CONFIRM

juniper_networks -- contrail_service_orchestration
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra.
2018-07-11 | not yet calculated | CVE-2018-0038
CONFIRM

juniper_networks -- junos_os
When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series.
2018-07-11 | not yet calculated | CVE-2018-0025
BID
CONFIRM
MISC
MISC
MISC

juniper_networks -- junos_os
Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1.
2018-07-11 | not yet calculated | CVE-2018-0027
BID
CONFIRM

juniper_networks -- junos_os
Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K: 15.1F versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D46; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90; 17.3 versions prior to 17.3R1-S4, 17.3R2, 17.4 versions prior to 17.4R1-S2, 17.4R2. Refer to KB25385 for more information about PFE line cards.
2018-07-11 | not yet calculated | CVE-2018-0030
CONFIRM
MISC

juniper_networks -- junos_os
A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon. This issue does not affect IPv4 DHCP packet processing. Affected releases are Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S10 on EX Series; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200; 15.1X53 versions prior to 15.1X53-D471 on NFX 150, NFX 250; 16.1 versions prior to 16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2.
2018-07-11 | not yet calculated | CVE-2018-0034
MISC
CONFIRM

juniper_networks -- junos_os
An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.
2018-07-11 | not yet calculated | CVE-2018-0024
BID
CONFIRM

juniper_networks -- junos_os
Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5.
2018-07-11 | not yet calculated | CVE-2018-0031
CONFIRM

juniper_networks -- junos_os
After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0> show interfaces extensive | match filters" CAM destination filters: 0, CAM source filters: 0 Note: when the issue occurs, it does not show the applied firewall filter. The correct output should show the applied firewall filter, for example: user@re0> show interfaces extensive | match filters" CAM destination filters: 0, CAM source filters: 0 Input Filters: FIREWAL_FILTER_NAME- This issue affects firewall filters for every address family. Affected releases are Juniper Networks Junos OS: 15.1R4, 15.1R5, 15.1R6 and SRs based on these MRs. 15.1X8 versions prior to 15.1X8.3.
2018-07-11 | not yet calculated | CVE-2018-0026
BID
CONFIRM

juniper_networks -- junos_os
While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2.
2018-07-11 | not yet calculated | CVE-2018-0029
CONFIRM

juniper_networks -- junos_os
QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue.
2018-07-11 | not yet calculated | CVE-2018-0035
CONFIRM

juniper_networks -- junos_os
The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2.
2018-07-11 | not yet calculated | CVE-2018-0032
CONFIRM

juniper_networks -- junos_os
Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Due to design improvements, this issue does not affect Junos OS 16.1R1, and all subsequent releases. This issue only affects the receiving BGP device and is non-transitive in nature. Affected releases are Juniper Networks Junos OS: 15.1F5 versions starting from 15.1F5-S7 and all subsequent releases; 15.1F6 versions starting from 15.1F6-S3 and later releases prior to 15.1F6-S10; 15.1F7 versions 15.1 versions starting from 15.1R5 and later releases, including the Service Releases based on 15.1R5 and on 15.1R6 prior to 15.1R6-S6 and 15.1R7;
2018-07-11 | not yet calculated | CVE-2018-0037
CONFIRM

komoot -- komoot_cycling_and_hiking_maps_app_for_ios
The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
2018-07-12 | not yet calculated | CVE-2017-14709
MISC

legion_of_the_bouncy_castle -- bouncy_castle_java_cryptography_apis
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs version prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application.. This vulnerability appears to have been fixed in 1.60 and later.
2018-07-09 | not yet calculated | CVE-2018-1000613
CONFIRM
CONFIRM

lenovo -- help_android_app
The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI.
2018-07-13 | not yet calculated | CVE-2018-9067
CONFIRM

lenovo -- smart_assistant_android_app
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.
2018-07-13 | not yet calculated | CVE-2018-9070
CONFIRM

libgit2 -- libgit2
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
2018-07-10 | not yet calculated | CVE-2018-10887
CONFIRM
CONFIRM
CONFIRM
CONFIRM

libgit2 -- libgit2
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
2018-07-10 | not yet calculated | CVE-2018-10888
CONFIRM
CONFIRM
CONFIRM

libpng -- libpng
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
2018-07-09 | not yet calculated | CVE-2018-13785
MISC
MISC
UBUNTU

libpng -- libpng
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
2018-07-13 | not yet calculated | CVE-2018-14048
MISC
MISC

libwav -- libwav
The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop.
2018-07-13 | not yet calculated | CVE-2018-14051
MISC
MISC

libwav -- libwav
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c.
2018-07-13 | not yet calculated | CVE-2018-14050
MISC
MISC

libwav -- libwav
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c.
2018-07-13 | not yet calculated | CVE-2018-14049
MISC
MISC

libwav -- libwav
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c.
2018-07-13 | not yet calculated | CVE-2018-14052
MISC
MISC

linux -- linux_kernel
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.
2018-07-11 | not yet calculated | CVE-2016-9604
CONFIRM
BID
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE.
2018-07-10 | not yet calculated | CVE-2018-10872
REDHAT
CONFIRM

linux -- linux_kernel
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
2018-07-06 | not yet calculated | CVE-2018-13406
MISC
BID
MISC
MISC

linux -- linux_kernel
Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel
2018-07-06 | not yet calculated | CVE-2017-15851
MISC
MISC

mailman -- mailman
Unspecified vulnerability in Mailman before 2.1.28 has unknown impact and attack vectors.
2018-07-12 | not yet calculated | CVE-2018-13796
MLIST

manageengine -- applications_manager
ManageEngine Applications Manager 12 and 13 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system.
2018-07-13 | not yet calculated | CVE-2016-9491
FULLDISC
BID

medtronic -- n'vision_clinician_programmer_and_n'vision_removable_application_card
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.
2018-07-13 | not yet calculated | CVE-2018-10631
MISC
MISC

microsoft -- .net_framework
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
2018-07-10 | not yet calculated | CVE-2018-8284
BID
SECTRACK
CONFIRM

microsoft -- .net_framework
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
2018-07-10 | not yet calculated | CVE-2018-8202
BID
SECTRACK
CONFIRM

microsoft -- .net_framework
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
2018-07-10 | not yet calculated | CVE-2018-8356
BID
SECTRACK
CONFIRM

microsoft -- .net_framework
A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.
2018-07-10 | not yet calculated | CVE-2018-8260
BID
SECTRACK
CONFIRM

microsoft -- access_and_office
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.
2018-07-10 | not yet calculated | CVE-2018-8312
BID
SECTRACK
CONFIRM

microsoft -- active_directory_federation_services
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Open Source Customization for Active Directory Federation Services XSS Vulnerability." This affects Web Customizations.
2018-07-10 | not yet calculated | CVE-2018-8326
BID
SECTRACK
CONFIRM

microsoft -- chakracore
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
2018-07-10 | not yet calculated | CVE-2018-8298
BID
CONFIRM

microsoft -- chakracore_and_edge
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301.
2018-07-10 | not yet calculated | CVE-2018-8275
BID
SECTRACK
CONFIRM

microsoft -- chakracore_and_edge
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294.
2018-07-10 | not yet calculated | CVE-2018-8280
BID
SECTRACK
CONFIRM

microsoft -- chakracore_and_edge
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8290, CVE-2018-8294.
2018-07-10 | not yet calculated | CVE-2018-8286
BID
SECTRACK
CONFIRM

microsoft -- chakracore_and_edge
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.
2018-07-10 | not yet calculated | CVE-2018-8279
BID
SECTRACK
CONFIRM

microsoft -- chakracore_and_edge
A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.
2018-07-10 | not yet calculated | CVE-2018-8276
BID
SECTRACK
CONFIRM

microsoft -- chakracore
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
2018-07-10 | not yet calculated | CVE-2018-8283
BID
CONFIRM

microsoft -- edge
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
2018-07-10 | not yet calculated | CVE-2018-8278
BID
SECTRACK
CONFIRM

microsoft -- edge
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8324.
2018-07-10 | not yet calculated | CVE-2018-8325
BID
SECTRACK
CONFIRM

microsoft -- edge
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279.
2018-07-10 | not yet calculated | CVE-2018-8301
BID
SECTRACK
CONFIRM

microsoft -- edge
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.
2018-07-10 | not yet calculated | CVE-2018-8262
BID
SECTRACK
CONFIRM

microsoft -- edge
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325.
2018-07-10 | not yet calculated | CVE-2018-8324
BID
SECTRACK
CONFIRM

microsoft -- edge
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297, CVE-2018-8324, CVE-2018-8325.
2018-07-10 | not yet calculated | CVE-2018-8289
BID
SECTRACK
CONFIRM

microsoft -- edge
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324, CVE-2018-8325.
2018-07-10 | not yet calculated | CVE-2018-8297
BID
SECTRACK
CONFIRM

microsoft -- edge
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.
2018-07-10 | not yet calculated | CVE-2018-8274
BID
SECTRACK
CONFIRM

microsoft -- edge_and_chakracore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8290.
2018-07-10 | not yet calculated | CVE-2018-8294
BID
SECTRACK
CONFIRM

microsoft -- edge_and_chakracore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8294.
2018-07-10 | not yet calculated | CVE-2018-8290
BID
SECTRACK
CONFIRM

microsoft -- edge
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.
2018-07-10 | not yet calculated | CVE-2018-8125
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8298.
2018-07-10 | not yet calculated | CVE-2018-8296
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
2018-07-10 | not yet calculated | CVE-2018-8242
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
2018-07-10 | not yet calculated | CVE-2018-0949
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
2018-07-10 | not yet calculated | CVE-2018-8287
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- multiple_products
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.
2018-07-10 | not yet calculated | CVE-2018-8291
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- multiple_products
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
2018-07-10 | not yet calculated | CVE-2018-8222
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
2018-07-10 | not yet calculated | CVE-2018-8288
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- office
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer.
2018-07-10 | not yet calculated | CVE-2018-8281
BID
SECTRACK
CONFIRM

microsoft -- powerpoint
An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote code execution.
2018-07-11 | not yet calculated | CVE-2018-3929
MISC

microsoft -- powershell
A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.
2018-07-10 | not yet calculated | CVE-2018-8327
BID
SECTRACK
CONFIRM

microsoft -- research_javascript_cryptography_library
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library.
2018-07-10 | not yet calculated | CVE-2018-8319
BID
SECTRACK
CONFIRM

microsoft -- sharepoint
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323.
2018-07-10 | not yet calculated | CVE-2018-8299
BID
SECTRACK
CONFIRM

microsoft -- sharepoint
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.
2018-07-10 | not yet calculated | CVE-2018-8300
BID
SECTRACK
CONFIRM

microsoft -- sharepoint_server
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8299.
2018-07-10 | not yet calculated | CVE-2018-8323
BID
SECTRACK
CONFIRM

microsoft -- skype_and_lync
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
2018-07-10 | not yet calculated | CVE-2018-8311
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- skype_and_lync
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
2018-07-10 | not yet calculated | CVE-2018-8238
BID
CONFIRM

microsoft -- visual_studio
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
2018-07-10 | not yet calculated | CVE-2018-8172
BID
SECTRACK
CONFIRM

microsoft -- visual_studio
A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual Studio.
2018-07-10 | not yet calculated | CVE-2018-8232
BID
SECTRACK
CONFIRM

microsoft -- windows
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-07-10 | not yet calculated | CVE-2018-8282
BID
SECTRACK
CONFIRM

microsoft -- windows
A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-07-10 | not yet calculated | CVE-2018-8307
BID
SECTRACK
CONFIRM

microsoft -- windows
A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-07-10 | not yet calculated | CVE-2018-8206
BID
SECTRACK
CONFIRM

microsoft -- windows
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8314.
2018-07-10 | not yet calculated | CVE-2018-8313
BID
SECTRACK
CONFIRM

microsoft -- windows
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313.
2018-07-10 | not yet calculated | CVE-2018-8314
BID
SECTRACK
CONFIRM

microsoft -- windows
A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-07-10 | not yet calculated | CVE-2018-8304
BID
SECTRACK
CONFIRM

microsoft -- windows
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-07-10 | not yet calculated | CVE-2018-8308
BID
CONFIRM

microsoft -- windows
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
2018-07-10 | not yet calculated | CVE-2018-8309
BID
SECTRACK
CONFIRM

microsoft -- windows
An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store.
2018-07-10 | not yet calculated | CVE-2018-8305
BID
SECTRACK
CONFIRM

microsoft -- wireless_display_adapter_v2_software
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless Display Adapter Command Injection Vulnerability." This affects Microsoft Wireless Display Adapter V2 Software.
2018-07-10 | not yet calculated | CVE-2018-8306
BID
SECTRACK
CONFIRM

microsoft -- word_and_office
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.
2018-07-10 | not yet calculated | CVE-2018-8310
BID
CONFIRM

microworld -- escan_internet_security_suite_for_business
In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).
2018-07-13 | not yet calculated | CVE-2018-10098
FULLDISC

minicom -- minicom
A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process.
2018-07-11 | not yet calculated | CVE-2017-7467
MLIST
BID
CONFIRM
GENTOO

modulestate.cpp -- modulestate.cpp
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.
2018-07-08 | not yet calculated | CVE-2018-13440
MISC

modx -- revolution
MODX Revolution version