SB18-197: Vulnerability Summary for the Week of July 9, 2018

Original release date: July 16, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
arm — cortex-a Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. 2018-07-10 4.7 CVE-2018-3693
CONFIRM
MISC
MISC
servviziotoken_project — servviziotoken The mintToken function of a smart contract implementation for SERVVIZIOToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 5.0 CVE-2018-13723
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abbyy — flexicapture Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login. 2018-07-09 not yet calculated CVE-2018-13793
MISC
abbyy — flexicapture The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter. 2018-07-09 not yet calculated CVE-2018-13791
MISC
accellion — ftp_server Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting. 2018-07-13 not yet calculated CVE-2016-9500
CERT-VN
MISC
BID
accellion — ftp_server Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them. 2018-07-13 not yet calculated CVE-2016-9499
CERT-VN
MISC
BID
accountsservice — accountsservice
 
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. 2018-07-13 not yet calculated CVE-2018-14036
MISC
MISC
MISC
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4999
BID
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4980
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4985
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4949
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4972
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4989
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4968
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4957
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4948
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4986
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4979
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4964
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have a Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4998
BID
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4971
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4950
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4966
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4954
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4977
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4965
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4993
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4951
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4955
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4996
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4953
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4967
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4947
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4988
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4973
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4952
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4969
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4984
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4961
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4978
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4963
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4958
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4960
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4962
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4997
BID
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4983
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4981
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4956
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4975
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4974
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4970
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-4976
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA ‘\n’ POST injection vulnerability. Successful exploitation could lead to a security bypass. 2018-07-09 not yet calculated CVE-2018-4995
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4987
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4982
BID
SECTRACK
MISC
adobe — acrobat_and_reader Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4990
BID
SECTRACK
MISC
adobe — acrobat_and_reader
 
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4959
BID
SECTRACK
MISC
adobe — flash_player Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-5002
BID
SECTRACK
REDHAT
MISC
adobe — flash_player Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-5001
BID
SECTRACK
REDHAT
MISC
adobe — flash_player
 
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4945
BID
SECTRACK
REDHAT
MISC
adobe — flash_player
 
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure. 2018-07-09 not yet calculated CVE-2018-5000
BID
SECTRACK
REDHAT
MISC
adobe — photoshop_cc Adobe Photoshop CC versions 19.1.3 and earlier, 18.1.3 and earlier, and 18.1.2 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. 2018-07-09 not yet calculated CVE-2018-4946
BID
SECTRACK
MISC
ansible — ansible
 
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. 2018-07-13 not yet calculated CVE-2018-10875
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
antenna_house — office_server_document_converter An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbputanld` method. 2018-07-11 not yet calculated CVE-2018-3933
MISC
antenna_house — office_server_document_converter In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method. 2018-07-11 not yet calculated CVE-2018-3931
MISC
antenna_house — office_server_document_converter In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method. 2018-07-11 not yet calculated CVE-2018-3930
MISC
antenna_house — office_server_document_converter An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based buffer overflow, resulting in remote code execution. 2018-07-11 not yet calculated CVE-2018-3932
MISC
antenna_house — office_server_document_converter In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. 2018-07-11 not yet calculated CVE-2018-3936
MISC
apache — couchdb
 
Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system’s user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2. 2018-07-11 not yet calculated CVE-2018-8007
MLIST
MLIST
CONFIRM
apache — ldap_api
 
In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request). 2018-07-10 not yet calculated CVE-2018-1337
MLIST
apache — spark In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it’s possible for a malicious user to construct a URL pointing to a Spark cluster’s UI’s job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user’s view of the Spark UI. 2018-07-12 not yet calculated CVE-2018-8024
MLIST
CONFIRM
apache — spark
 
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it’s possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. 2018-07-12 not yet calculated CVE-2018-1334
MLIST
CONFIRM
apache — storm
 
In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user. 2018-07-10 not yet calculated CVE-2018-1331
CONFIRM
CONFIRM
MLIST
BID
SECTRACK
asp.net — asp.net
 
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka “ASP.NET Security Feature Bypass Vulnerability.” This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. 2018-07-10 not yet calculated CVE-2018-8171
BID
SECTRACK
CONFIRM
asustek — asus_rp-ac52_access_points A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed. 2018-07-13 not yet calculated CVE-2016-6558
CERT-VN
BID
asustek — asus_rp-ac52_access_points In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. 2018-07-13 not yet calculated CVE-2016-6557
CERT-VN
BID
atlassian — confluence
 
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml. 2018-07-10 not yet calculated CVE-2018-13389
CONFIRM
atlassian — fisheye_and_crucible The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. 2018-07-10 not yet calculated CVE-2018-13388
BID
CONFIRM
CONFIRM
atlassian — floodlight_controller Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack). 2018-07-09 not yet calculated CVE-2018-1000617
MISC
BID
barco — clickshare_and_base_units An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit. 2018-07-10 not yet calculated CVE-2018-10943
CONFIRM
CONFIRM
bento4 — bento4 An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp. 2018-07-10 not yet calculated CVE-2018-13847
MISC
bento4 — bento4
 
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp. 2018-07-10 not yet calculated CVE-2018-13848
MISC
bento4 — bento4
 
An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read. 2018-07-10 not yet calculated CVE-2018-13846
MISC
bmc — intel_product_firmware
 
BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. 2018-07-10 not yet calculated CVE-2018-3682
CONFIRM
boostnote — boostnote Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element. 2018-07-08 not yet calculated CVE-2018-13433
MISC
bootstrap — bootstrap In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. 2018-07-13 not yet calculated CVE-2018-14042
MISC
MISC
MISC
MISC
bootstrap — bootstrap
 
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. 2018-07-13 not yet calculated CVE-2018-14040
MISC
MISC
MISC
MISC
bootstrap — bootstrap
 
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. 2018-07-13 not yet calculated CVE-2018-14041
MISC
MISC
MISC
MISC
catfish — cms
 
Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator). 2018-07-12 not yet calculated CVE-2018-13999
MISC
catimg — catimg
 
A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0. 2018-07-09 not yet calculated CVE-2018-13794
MISC
ceph-mon — ceph-mon
 
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. 2018-07-10 not yet calculated CVE-2018-10861
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
cephx — cephx A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. 2018-07-10 not yet calculated CVE-2018-1129
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
cephx — cephx
 
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. 2018-07-10 not yet calculated CVE-2018-1128
CONFIRM
REDHAT
REDHAT
CONFIRM
CONFIRM
clippercms — clippercms
 
ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. 2018-07-12 not yet calculated CVE-2018-13998
MISC

cloud_foundry — cloud_foundry

Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack detection, passed through the Java Buildpack detection script, and allow the serving of static content from within the deployed artifact. The default Apache Tomcat configuration in the affected java buildpack versions for some basic web application archive (WAR) packaged applications are vulnerable to this issue. 2018-07-11 not yet calculated CVE-2016-0708
CONFIRM
cmft — cmft
 
An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact. 2018-07-10 not yet calculated CVE-2018-13833
MISC
MISC
codelathe — filecloud CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. 2018-07-13 not yet calculated CVE-2016-6578
BID
CERT-VN
codiad — codiad
 
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. 2018-07-12 not yet calculated CVE-2018-14009
MISC
MISC
concrete5 — concrete5
 
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. 2018-07-09 not yet calculated CVE-2018-13790
MISC
creatiwity — witycms CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account’s email field. 2018-07-12 not yet calculated CVE-2018-14029
MISC
crestron — airmedia_am-100_and_am-101_devices Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2018-07-11 not yet calculated CVE-2017-16710
CONFIRM
crestron — airmedia_am-100_and_am-101_devices Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors. 2018-07-11 not yet calculated CVE-2017-16709
CONFIRM
crestron — digital_graphics_engine The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access. 2018-07-10 not yet calculated CVE-2018-5553
MISC
CONFIRM
curl — curl
 
Curl_smtp_escape_eob in lib/smtp.c in curl before 7.61.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard –limit-rate argument or CURLOPT_BUFFERSIZE value). 2018-07-11 not yet calculated CVE-2018-0500
SECTRACK
CONFIRM
CONFIRM
UBUNTU
d-link_systems — dir_routers Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. 2018-07-13 not yet calculated CVE-2016-6563
FULLDISC
BID
EXPLOIT-DB
CERT-VN
dolibarr — dolibarr SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. 2018-07-08 not yet calculated CVE-2018-13448
MISC
dolibarr — dolibarr SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter. 2018-07-08 not yet calculated CVE-2018-13449
MISC
dolibarr — dolibarr
 
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. 2018-07-08 not yet calculated CVE-2018-13447
MISC
dolibarr — dolibarr
 
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. 2018-07-08 not yet calculated CVE-2018-13450
MISC
doorkeeper — doorkeeper
 
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API’s authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry. 2018-07-13 not yet calculated CVE-2018-1000211
CONFIRM
CONFIRM
dspace — dspace
 
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI. 2018-07-10 not yet calculated CVE-2016-10726
MISC
MISC
MISC
eaton — 9000x_drivea
 
Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution. 2018-07-13 not yet calculated CVE-2018-8847
MISC
BID
MISC
eclipse — vert.x In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet. 2018-07-12 not yet calculated CVE-2018-12540
CONFIRM
elo — eloenterprise_and_eloprofessional There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET parameter. For example, one can succeed in reading the password hash of the administrator user in the “userdata” table from the “eloam” database. 2018-07-11 not yet calculated CVE-2018-10197
FULLDISC
eosio/eos — eosio/eos EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d . 2018-07-09 not yet calculated CVE-2018-1000618
CONFIRM
epubcheck — epubcheck EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim’s trust relationship with other entities. 2018-07-13 not yet calculated CVE-2016-9487
CERT-VN
BID
eran_hammer — cryptiles Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2. 2018-07-09 not yet calculated CVE-2018-1000620
CONFIRM
ethereum — ablgenesistoken The mintToken function of a smart contract implementation for ABLGenesisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13741
MISC
MISC
ethereum — airdroppercryptics_token The mintToken function of a smart contract implementation for AirdropperCryptics, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13623
MISC
MISC
ethereum — aluxtoken The mintToken function of a smart contract implementation for ALUXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13533
MISC
MISC
ethereum — aman_token The mintToken function of a smart contract implementation for aman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13515
MISC
MISC
ethereum — amtoken The mintToken function of a smart contract implementation for AMToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13600
MISC
MISC
ethereum — anovabace_token
 
The mintToken function of a smart contract implementation for AnovaBace, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13737
MISC
MISC
ethereum — antoken The mintToken function of a smart contract implementation for Antoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13720
MISC
MISC
ethereum — app_token The mintToken function of a smart contract implementation for APP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13661
MISC
MISC

ethereum — appletoken

The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13776
MISC
MISC
ethereum — archain_token The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13606
MISC
MISC
ethereum — archercoin_token The mintToken function of a smart contract implementation for archercoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13608
MISC
MISC
ethereum — azttoken The mintToken function of a smart contract implementation for AZTToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13734
MISC
MISC
ethereum — bcaas_token The mintToken function of a smart contract implementation for BCaaS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13665
MISC
MISC
ethereum — bcxss_token The mintToken function of a smart contract implementation for Bcxss, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13539
MISC
MISC
ethereum — betterthanadrien_token The mintToken function of a smart contract implementation for BetterThanAdrien, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13529
MISC
MISC
ethereum — beyondcashtoken The mintToken function of a smart contract implementation for BeyondCashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13471
MISC
MISC
ethereum — bgamecoin_token The mintToken function of a smart contract implementation for Bgamecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13551
MISC
MISC
ethereum — bgc_token The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13648
MISC
MISC
ethereum — bigcadvancedtoken The mintToken function of a smart contract implementation for BIGCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13759
MISC
MISC
ethereum — billionrewardstoken The mint function of a smart contract implementation for BillionRewardsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13660
MISC
MISC
ethereum — biqutoken The mintToken function of a smart contract implementation for BiquToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13764
MISC
MISC
ethereum — bitcoinagiletoken The mintToken function of a smart contract implementation for BitcoinAgileToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13485
MISC
MISC
ethereum — bitedutoken The mintToken function of a smart contract implementation for BiteduToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13719
MISC
MISC
ethereum — bitmaxertoken The mintToken function of a smart contract implementation for BitmaxerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13650
MISC
MISC
ethereum — bitpark_token
 
The mintToken function of a smart contract implementation for Bitpark, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13638
MISC
MISC
ethereum — bitstarti_token The mintToken function of a smart contract implementation for Bitstarti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13774
MISC
MISC
ethereum — bitstore_token The mintToken function of a smart contract implementation for BitStore, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13595
MISC
MISC
ethereum — bmvcoin_token The mintToken function of a smart contract implementation for BMVCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13562
MISC
MISC
ethereum — bpstoken The mintToken function of a smart contract implementation for BpsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13715
MISC
MISC
ethereum — briancoin_token The mintToken function of a smart contract implementation for BrianCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13659
MISC
MISC
ethereum — briant2token The mintToken function of a smart contract implementation for Briant2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13603
MISC
MISC
ethereum — bsctoken The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13663
MISC
MISC
ethereum — btpcoin_token The mintToken function of a smart contract implementation for BTPCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13668
MISC
MISC
ethereum — buyertoken The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13470
MISC
MISC
ethereum — buytoken The mintToken function of a smart contract implementation for Order (ETH) (Contract Name: BuyToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13708
MISC
MISC
ethereum — c3_token The mintToken function of a smart contract implementation for C3 Token (C3), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13517
MISC
MISC
ethereum — captoz_token The mintToken function of a smart contract implementation for CAPTOZ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13617
MISC
MISC
ethereum — cardfactory_token The mintToken function of a smart contract implementation for CardFactory, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13594
MISC
MISC
ethereum — cardtoken The mintToken function of a smart contract implementation for CardToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13593
MISC
MISC
ethereum — carrot_token The mintToken function of a smart contract implementation for Carrot, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13491
MISC
MISC
ethereum — cartoken The mintToken function of a smart contract implementation for CarToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13748
MISC
MISC
ethereum — cavecoin_token The mintToken function of a smart contract implementation for Cavecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13468
MISC
MISC
ethereum — cbrtoken The mintToken function of a smart contract implementation for CBRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13484
MISC
MISC
ethereum — ccash_token The mintToken function of a smart contract implementation for CCASH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13546
MISC
MISC
ethereum — cdcurrency_token The mintToken function of a smart contract implementation for CDcurrency, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13611
MISC
MISC
ethereum — cerb_coin_token The mintToken function of a smart contract implementation for CERB_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13703
MISC
MISC
ethereum — cgctoken The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13778
MISC
MISC
ethereum — cherrycoin_token The mintToken function of a smart contract implementation for CHERRYCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13585
MISC
MISC
ethereum — cherrycoinfoundation_token The mintToken function of a smart contract implementation for CherryCoinFoundation, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13756
MISC
MISC
ethereum — cikkacoin_token The mintToken function of a smart contract implementation for CikkaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13637
MISC
MISC
ethereum — cjxtoken The mintToken function of a smart contract implementation for CJXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13689
MISC
MISC
ethereum — cloutoken The mint function of a smart contract implementation for CloutToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13472
MISC
MISC
ethereum — cm_token The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13714
MISC
MISC
ethereum — co2bit_token The mintToken function of a smart contract implementation for Co2Bit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13565
MISC
MISC
ethereum — cobtoken The mintToken function of a smart contract implementation for COBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13497
MISC
MISC
ethereum — code47_token The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13588
MISC
MISC
ethereum — coinquer_token The mintToken function of a smart contract implementation for Coinquer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13757
MISC
MISC
ethereum — combilladvancedtoken The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13674
MISC
MISC
ethereum — con0217_token The mintToken function of a smart contract implementation for CON0217, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13613
MISC
MISC
ethereum — coquinho_coin_token The mintToken function of a smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13550
MISC
MISC
ethereum — corellicoin_token The mintToken function of a smart contract implementation for CorelliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13511
MISC
MISC
ethereum — cornerstone_token The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13767
MISC
MISC
ethereum — cosmotokenerc20_token The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13556
MISC
MISC
ethereum — crimsonshilling_token The mintToken function of a smart contract implementation for CrimsonShilling, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13629
MISC
MISC
ethereum — crowdnext_token The mintToken function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13744
MISC
MISC
ethereum — crowdsale_token The mintToken function of a smart contract implementation for Crowdsale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13499
MISC
MISC
ethereum — crypto_alley_shares_token The mintToken function of a smart contract implementation for Crypto Alley Shares (CAST), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13488
MISC
MISC
ethereum — cryptoleu_token The mintToken function of a smart contract implementation for CryptoLeu, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13541
MISC
MISC
ethereum — cryptosistoken The mintToken function of a smart contract implementation for CryptosisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13754
MISC
MISC
ethereum — crystals_token The mintToken function of a smart contract implementation for Crystals, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13466
MISC
MISC
ethereum — csatoken The mintToken function of a smart contract implementation for CSAToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13609
MISC
MISC
ethereum — ctesale_token The mintToken function of a smart contract implementation for CTESale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13477
MISC
MISC
ethereum — ctest7_token The mint function of a smart contract implementation for CTest7, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13695
MISC
MISC
ethereum — cws_token
 
The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13664
MISC
MISC
ethereum — daddytoken The mintToken function of a smart contract implementation for DaddyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13493
MISC
MISC
ethereum — databits_token The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13711
MISC
MISC
ethereum — datashieldcoin_token The mintToken function of a smart contract implementation for DataShieldCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13574
MISC
MISC
ethereum — datiac_token The mintToken function of a smart contract implementation for Datiac, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13646
MISC
MISC
ethereum — dectoken The mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13587
MISC
MISC
ethereum — deploy_token The mintToken function of a smart contract implementation for Deploy, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13649
MISC
MISC
ethereum — destineed_token The mintToken function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13699
MISC
MISC
ethereum — deweisecurityservicetoken The mintToken function of a smart contract implementation for DeWeiSecurityServiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13753
MISC
MISC
ethereum — dhacoin_token The mintToken function of a smart contract implementation for DhaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13528
MISC
MISC
ethereum — digitalcloudtoken The mint function of a smart contract implementation for DigitalCloudToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13519
MISC
MISC
ethereum — dinsteincoin_token The mintToken function of a smart contract implementation for DinsteinCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13671
MISC
MISC
ethereum — dmptoken The mintToken function of a smart contract implementation for DMPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13478
MISC
MISC
ethereum — doccoin_token The mintToken function of a smart contract implementation for doccoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13631
MISC
MISC
ethereum — doccoinpreico_token The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13630
MISC
MISC
ethereum — dopnetwork_token The mintToken function of a smart contract implementation for dopnetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13739
MISC
MISC
ethereum — eastcoin_token The mintToken function of a smart contract implementation for Eastcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13727
MISC
MISC
ethereum — easticoin_token The mintToken function of a smart contract implementation for Easticoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13766
MISC
MISC
ethereum — ecogreenhouse_token The mintToken function of a smart contract implementation for ecogreenhouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13505
MISC
MISC
ethereum — eddtoken The mintToken function of a smart contract implementation for eddToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13704
MISC
MISC
ethereum — elearningcoinerc_token The mintToken function of a smart contract implementation for ELearningCoinERC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13736
MISC
MISC
ethereum — elevatecoin_token The mintToken function of a smart contract implementation for ElevateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13527
MISC
MISC
ethereum — enter_token The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13735
MISC
MISC
ethereum — entercoin_token The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13782
MISC
MISC
ethereum — epiphanycoin_token The mintToken function of a smart contract implementation for EpiphanyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13467
MISC
MISC
ethereum — erc20_ico_token The mintToken function of a smart contract implementation for ERC20_ICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13536
MISC
MISC
ethereum — eristicaico_token The mintToken function of a smart contract implementation for EristicaICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13666
MISC
MISC
ethereum — escut_token The mintToken function of a smart contract implementation for Escut (ESCT) (Contract Name: JuntsPerCreixer), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13576
MISC
MISC
ethereum — esh_token The mintToken function of a smart contract implementation for ESH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13780
MISC
MISC
ethereum — esportz_token The mintToken function of a smart contract implementation for esportz, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13514
MISC
MISC
ethereum — essence_token The mintToken function of a smart contract implementation for Essence, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13702
MISC
MISC
ethereum — eststoken The mintToken function of a smart contract implementation for ESTSToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13654
MISC
MISC
ethereum — eth033_token The mintToken function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13561
MISC
MISC
ethereum — ethercash_token The mintToken function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13482
MISC
MISC
ethereum — ethereumlegit_token
 
The mintToken function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13537
MISC
MISC
ethereum — ethereumsmart_token The mintToken function of a smart contract implementation for EthereumSmart, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13640
MISC
MISC
ethereum — exacorecontract_token The mintToken function of a smart contract implementation for ExacoreContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13771
MISC
MISC
ethereum — exgroup_token The mintToken function of a smart contract implementation for EXGROUP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13522
MISC
MISC
ethereum — exsulcoin_token The mintToken function of a smart contract implementation for exsulcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13683
MISC
MISC
ethereum — extremetoken The mintToken function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13605
MISC
MISC
ethereum — fanschaintoken The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13474
MISC
MISC
ethereum — film_token The mintToken function of a smart contract implementation for FILM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13490
MISC
MISC
ethereum — finaltoken The mintToken function of a smart contract implementation for FinalToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13749
MISC
MISC
ethereum — fiocoin_token The mintToken function of a smart contract implementation for Fiocoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13645
MISC
MISC
ethereum — flow_token The mintToken function of a smart contract implementation for Flow, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13525
MISC
MISC
ethereum — forevercoin_token The mintToken function of a smart contract implementation for ForeverCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13579
MISC
MISC
ethereum — futurxe_token The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13718
MISC
MISC
ethereum — galacticx_token The mintToken function of a smart contract implementation for GalacticX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13601
MISC
MISC
ethereum — galaxycoin_token The mintToken function of a smart contract implementation for GalaxyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13578
MISC
MISC
ethereum — gatcoin_token The mintToken function of a smart contract implementation for GATcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13564
MISC
MISC
ethereum — gcrtokenerc210_token The mintToken function of a smart contract implementation for GCRTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13643
MISC
MISC
ethereum — gemstonetoken The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13543
MISC
MISC
ethereum — gfc_token The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13655
MISC
MISC
ethereum — gfcb_token The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13670
MISC
MISC
ethereum — globalsupergametoken The mintToken function of a smart contract implementation for GlobalSuperGameToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13725
MISC
MISC
ethereum — globecoin_token An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user’s balance. 2018-07-12 not yet calculated CVE-2018-14004
MISC
MISC
ethereum — gmile_token The mintToken function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13694
MISC
MISC
ethereum — goldtokenerc20_token The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13673
MISC
MISC
ethereum — gomineworld_token The mintToken function of a smart contract implementation for GoMineWorld, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13721
MISC
MISC
ethereum — goochain_token The mintToken function of a smart contract implementation for Goochain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13677
MISC
MISC
ethereum — goramcoin_token The mintToken function of a smart contract implementation for GoramCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13571
MISC
MISC
ethereum — greenenergytoken The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13693
MISC
MISC
ethereum — gsi_token The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13540
MISC
MISC
ethereum — hashshield_token The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13545
MISC
MISC
ethereum — hbcm_token The mintToken function of a smart contract implementation for HBCM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13635
MISC
MISC
ethereum — heliumnetwork_token The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13502
MISC
MISC
ethereum — help_token The mintToken function of a smart contract implementation for HELP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13486
MISC
MISC
ethereum — hey_token The mintToken function of a smart contract implementation for HEY, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13730
MISC
MISC
ethereum — hittoken The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13569
MISC
MISC
ethereum — hormitechtoken The mintToken function of a smart contract implementation for HormitechToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13717
MISC
MISC
ethereum — hrwtoken The mintToken function of a smart contract implementation for HRWtoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13501
MISC
MISC
ethereum — huntercoin_token The mintToken function of a smart contract implementation for HunterCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13530
MISC
MISC
ethereum — hyipcrowdsale1_token The mint function of a smart contract implementation for HYIPCrowdsale1, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13724
MISC
MISC
ethereum — hyiptoken The mint function of a smart contract implementation for HYIPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13722
MISC
MISC
ethereum — iamrich_token The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13509
MISC
MISC
ethereum — ico_dollar_token The mintToken function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13686
MISC
MISC
ethereum — icocontract_token The mintToken function of a smart contract implementation for IcoContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13469
MISC
MISC
ethereum — ideacoin_token The mintToken function of a smart contract implementation for IdeaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13706
MISC
MISC
ethereum — instacocoa_token The mintToken function of a smart contract implementation for Instacocoa, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13690
MISC
MISC
ethereum — ioct_coin_token The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13616
MISC
MISC
ethereum — ipmcoin_token The mintToken function of a smart contract implementation for IPMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13700
MISC
MISC
ethereum — ipshoots_token The mintToken function of a smart contract implementation for ipshoots, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13653
MISC
MISC
ethereum — iseevoicetoken The mintToken function of a smart contract implementation for ISeeVoiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13726
MISC
MISC
ethereum — jaxbox_token The mintToken function of a smart contract implementation for JaxBox, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13555
MISC
MISC
ethereum — jeanstoken The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13769
MISC
MISC
ethereum — jiucaitoken The mintToken function of a smart contract implementation for JiucaiToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13783
MISC
MISC
ethereum — jixocoin_token The mintToken function of a smart contract implementation for JixoCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13728
MISC
MISC
ethereum — jpmd100b_token The mintToken function of a smart contract implementation for JPMD100B, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13729
MISC
MISC
ethereum — justwallet_token The mintToken function of a smart contract implementation for JustWallet, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13751
MISC
MISC
ethereum — kapaycoin_token The mintToken function of a smart contract implementation for KAPAYcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13498
MISC
MISC
ethereum — kapcoin_token The mintToken function of a smart contract implementation for KAPcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13591
MISC
MISC
ethereum — kbit_token The mintToken function of a smart contract implementation for kBit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13746
MISC
MISC
ethereum — kelvintoken The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13560
MISC
MISC
ethereum — kissme_token The mintToken function of a smart contract implementation for KissMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13701
MISC
MISC
ethereum — kktestcoin1_token The mint function of a smart contract implementation for kkTestCoin1 (KTC1), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13570
MISC
MISC
ethereum — kmctoken The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13495
MISC
MISC
ethereum — krown_token The mintlvlToken function of a smart contract implementation for Krown, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13625
MISC
MISC
ethereum — landcoin_token The mintToken function of a smart contract implementation for LandCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13765
MISC
MISC
ethereum — lexittoken The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13680
MISC
MISC
ethereum — lolicoin_token The mintToken function of a smart contract implementation for LoliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13758
MISC
MISC
ethereum — lottery_token The mintToken function of a smart contract implementation for Lottery, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13678
MISC
MISC
ethereum — malaysia_coins_token An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user’s balance. 2018-07-12 not yet calculated CVE-2018-14005
MISC
MISC
ethereum — malltoken The mintToken function of a smart contract implementation for MallToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13688
MISC
MISC
ethereum — martcoin_token The mintToken function of a smart contract implementation for Martcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13633
MISC
MISC
ethereum — mavcash_token The mintToken function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13614
MISC
MISC
ethereum — maxhouse_token The mintToken function of a smart contract implementation for MaxHouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13531
MISC
MISC
ethereum — mediacubetoken The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13634
MISC
MISC
ethereum — medicayunlink_token The mintToken function of a smart contract implementation for MedicayunLink, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13610
MISC
MISC
ethereum — mehditazitoken The mintToken function of a smart contract implementation for MehdiTAZIToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13692
MISC
MISC
ethereum — micoinnetworktoken The mintToken function of a smart contract implementation for MicoinNetworkToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13651
MISC
MISC
ethereum — micointoken The mintToken function of a smart contract implementation for MicoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13619
MISC
MISC
ethereum — micro_btc_token The mintToken function of a smart contract implementation for Micro BTC (MBTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13553
MISC
MISC
ethereum — mimicoin_token The mintToken function of a smart contract implementation for Mimicoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13548
MISC
MISC
ethereum — mindexcoin_token The mintToken function of a smart contract implementation for Mindexcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13532
MISC
MISC
ethereum — miningtoken The mint function of a smart contract implementation for MiningToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13602
MISC
MISC
ethereum — mjctoken The mintToken function of a smart contract implementation for MJCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13615
MISC
MISC
ethereum — mjolnir_token The mintToken function of a smart contract implementation for Mjolnir, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13710
MISC
MISC
ethereum — mkethtoken The mintToken function of a smart contract implementation for mkethToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13483
MISC
MISC
ethereum — mktcoin_token The mintToken function of a smart contract implementation for MktCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13568
MISC
MISC
ethereum — mmcoin_token The mintToken function of a smart contract implementation for MMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13504
MISC
MISC
ethereum — momentumtoken The mintToken function of a smart contract implementation for MomentumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13628
MISC
MISC
ethereum — moneychainnet_token The mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13760
MISC
MISC
ethereum — moneytree_token The mintToken function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13554
MISC
MISC
ethereum — mooadvtoken The mintToken function of a smart contract implementation for MooAdvToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13589
MISC
MISC
ethereum — moontoken The mintToken function of a smart contract implementation for MoonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13462
MISC
MISC
ethereum — mp3_coin_token An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user’s balance. 2018-07-12 not yet calculated CVE-2018-14002
MISC
MISC
ethereum — msxadvanced_token The mintToken function of a smart contract implementation for MSXAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13500
MISC
MISC
ethereum — mvgcoin_token The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13641
MISC
MISC
ethereum — my2token The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13582
MISC
MISC
ethereum — myoffer_token The mintToken function of a smart contract implementation for MyOffer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13627
MISC
MISC
ethereum — myylc_token The mintToken function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13781
MISC
MISC
ethereum — naga_token The mintToken function of a smart contract implementation for naga, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13492
MISC
MISC
ethereum — ncu_token The mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13669
MISC
MISC
ethereum — nectar_token The mintToken function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13586
MISC
MISC
ethereum — neo_genesis_token An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user’s balance. 2018-07-12 not yet calculated CVE-2018-14006
MISC
MISC
ethereum — netkilleradvancedtokenairdrop_token The mintToken function of a smart contract implementation for NetkillerAdvancedTokenAirDrop, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13761
MISC
MISC
ethereum — netkillertoken The mintToken function of a smart contract implementation for Enterprise Token Ecosystem (ETE) (Contract Name: NetkillerToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13773
MISC
MISC
ethereum — neurotoken The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13549
MISC
MISC
ethereum — nexpara_token The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13632
MISC
MISC
ethereum — normikaivo_token The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13687
MISC
MISC
ethereum — numisma_token The mintToken function of a smart contract implementation for Numisma, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13544
MISC
MISC
ethereum — objecttoken The mintToken function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13622
MISC
MISC
ethereum — obtcoin_token The mintToken function of a smart contract implementation for OBTCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13672
MISC
MISC
ethereum — ohni_2_token The mintToken function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13473
MISC
MISC
ethereum — olliscoin_token The mintToken function of a smart contract implementation for OllisCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13489
MISC
MISC
ethereum — onechain_token The mintToken function of a smart contract implementation for OneChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13740
MISC
MISC
ethereum — orderbook_presale_token The mintToken function of a smart contract implementation for Orderbook Presale Token (OBP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13676
MISC
MISC
ethereum — otakutoken The mintToken function of a smart contract implementation for OTAKUToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13755
MISC
MISC
ethereum — paccoin_token The mintToken function of a smart contract implementation for PACCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13535
MISC
MISC
ethereum — paulycoin_token The mintToken function of a smart contract implementation for PaulyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13465
MISC
MISC
ethereum — pelocointoken The mintToken function of a smart contract implementation for PELOCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13738
MISC
MISC
ethereum — pgm_coin_token The mintToken function of a smart contract implementation for PGM_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13572
MISC
MISC
ethereum — philcoin_token The mintToken function of a smart contract implementation for PhilCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13476
MISC
MISC
ethereum — pinkytoken The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13521
MISC
MISC
ethereum — platotoken The mintToken function of a smart contract implementation for PlatoToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13487
MISC
MISC
ethereum — play2livepromo_token The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13698
MISC
MISC
ethereum — pmet_token The mintToken function of a smart contract implementation for PMET, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13712
MISC
MISC
ethereum — pmhtoken The mintToken function of a smart contract implementation for PMHToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13705
MISC
MISC
ethereum — porncoin_token The mintToken function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13524
MISC
MISC
ethereum — projectj_token The mintToken function of a smart contract implementation for ProjectJ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13733
MISC
MISC
ethereum — providence_crypto_casino_token The mintToken function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13547
MISC
MISC
ethereum — providencecasino_token The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13580
MISC
MISC
ethereum — qrg_token The mintToken function of a smart contract implementation for QRG, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13480
MISC
MISC
ethereum — rajtest_token The mintToken function of a smart contract implementation for RajTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13592
MISC
MISC
ethereum — rajtestico_token The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13496
MISC
MISC
ethereum — rckt_coin_token The mintToken function of a smart contract implementation for RCKT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13775
MISC
MISC
ethereum — redticket_token The mintToken function of a smart contract implementation for RedTicket, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13696
MISC
MISC
ethereum — remicoin_token An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks. 2018-07-10 not yet calculated CVE-2018-12230
MISC
ethereum — residualshare_token The mintToken function of a smart contract implementation for ResidualShare, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13607
MISC
MISC
ethereum — residualvalue_token The mintToken function of a smart contract implementation for ResidualValue, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13599
MISC
MISC
ethereum — retntoken The mintToken function of a smart contract implementation for RETNToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13566
MISC
MISC
ethereum — rhovit_token The mintToken function of a smart contract implementation for rhovit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13558
MISC
MISC
ethereum — rice_token The mintToken function of a smart contract implementation for Rice, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13657
MISC
MISC
ethereum — richiumtoken The mintToken function of a smart contract implementation for RichiumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13750
MISC
MISC
ethereum — riptidecoin_token The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13732
MISC
MISC
ethereum — robincoin_token The mintToken function of a smart contract implementation for Robincoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13612
MISC
MISC
ethereum — robotbtc_token The mintToken function of a smart contract implementation for RobotBTC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13697
MISC
MISC
ethereum — rocket_coin_token An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user’s balance. 2018-07-12 not yet calculated CVE-2018-13836
MISC
MISC
ethereum — royalclassiccoin_token The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13644
MISC
MISC
ethereum — rrtoken The mintToken function of a smart contract implementation for RRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13777
MISC
MISC
ethereum — rtokenmain_token The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13691
MISC
MISC
ethereum — sample_token The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13656
MISC
MISC
ethereum — sdr22_token The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13506
MISC
MISC
ethereum — sdr_token The mintToken function of a smart contract implementation for SDR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13567
MISC
MISC
ethereum — secoin_token The mintToken function of a smart contract implementation for SECoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13642
MISC
MISC
ethereum — semaintoken The mintToken function of a smart contract implementation for SemainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13626
MISC
MISC
ethereum — sendme_token The mintToken function of a smart contract implementation for SendMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13598
MISC
MISC
ethereum — sexhdsolo_token The mintToken function of a smart contract implementation for sexhdsolo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13716
MISC
MISC
ethereum — sharktech_token An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user’s balance. 2018-07-12 not yet calculated CVE-2018-14001
MISC
ethereum — shitcoin_token The mintToken function of a smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13577
MISC
MISC
ethereum — shmoo_token The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13583
MISC
MISC
ethereum — sipcoin_token The mintToken function of a smart contract implementation for SIPCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13590
MISC
MISC
ethereum — sipctoken The mintToken function of a smart contract implementation for SIPCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13538
MISC
MISC
ethereum — slcadvancedtoken The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13507
MISC
MISC
ethereum — slidebitstoken The mintToken function of a smart contract implementation for SlidebitsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13479
MISC
MISC
ethereum — smart_contract_implementation_for_tickets_token The mintToken function of a smart contract implementation for tickets (TKT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13742
MISC
MISC
ethereum — smarthomecoin_token The mintToken function of a smart contract implementation for SmartHomeCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13512
MISC
MISC
ethereum — smartpayment_token The mintToken function of a smart contract implementation for SmartPayment, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13523
MISC
MISC
ethereum — soscoin_token The mintToken function of a smart contract implementation for SOSCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13681
MISC
MISC
ethereum — soundtribetoken The mintToken function of a smart contract implementation for SoundTribeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13621
MISC
MISC
ethereum — south_park_token The mintToken function of a smart contract implementation for South Park Token Token (SPTKN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13503
MISC
MISC
ethereum — speedcashlite_token The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13534
MISC
MISC
ethereum — stctoken The mintToken function of a smart contract implementation for STCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13745
MISC
MISC
ethereum — super_cool_awesome_money_token The mintToken function of a smart contract implementation for Super Cool Awesome Money (SCAM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13516
MISC
MISC
ethereum — superenergy_token The mintToken function of a smart contract implementation for SuperEnergy (SEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13743
MISC
MISC
ethereum — susantokenerc20_token The mintToken function of a smart contract implementation for SusanTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13494
MISC
MISC
ethereum — t-swap-token The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13463
MISC
MISC
ethereum — t_swap_token The mintToken function of a smart contract implementation for t_swap, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13464
MISC
MISC
ethereum — tcash_token The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13518
MISC
MISC
ethereum — testahihi_token
 
The mintToken function of a smart contract implementation for TESTAhihi, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13596
MISC
MISC
ethereum — testcoin_token The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13597
MISC
MISC
ethereum — theflashtoken The mintToken function of a smart contract implementation for TheFlashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13772
MISC
MISC
ethereum — thegodgital_token The mintToken function of a smart contract implementation for TheGoDgital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13658
MISC
MISC
ethereum — thegodigital_token The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13652
MISC
MISC
ethereum — thread_token The mintToken function of a smart contract implementation for Thread, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13752
MISC
MISC
ethereum — tokenmachu_token The mintToken function of a smart contract implementation for TokenMACHU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13731
MISC
MISC
ethereum — topscoinadvanced_token The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13520
MISC
MISC
ethereum — trabet_coin_preico_token The mintToken function of a smart contract implementation for Trabet_Coin_PreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13552
MISC
MISC
ethereum — trabet_coin_token The mintToken function of a smart contract implementation for Trabet_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13557
MISC
MISC
ethereum — tradesman_token The mintToken function of a smart contract implementation for Tradesman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13713
MISC
MISC
ethereum — travelcoin_token The mintToken function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13581
MISC
MISC
ethereum — tripcash_token The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13620
MISC
MISC
ethereum — trippay_token The mintToken function of a smart contract implementation for TripPay, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13573
MISC
MISC
ethereum — trium_token The mintToken function of a smart contract implementation for TRIUM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13481
MISC
MISC
ethereum — truegoldcointoken The mintToken function of a smart contract implementation for TrueGoldCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13647
MISC
MISC
ethereum — tube_token The mintToken function of a smart contract implementation for Tube, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13709
MISC
MISC
ethereum — turdcoin_token The mintToken function of a smart contract implementation for TurdCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13636
MISC
MISC
ethereum — ubiou_token The mintToken function of a smart contract implementation for Ubiou, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13513
MISC
MISC
ethereum — ublasti_token The mintToken function of a smart contract implementation for Ublasti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13763
MISC
MISC
ethereum — ultimatecoin_token The mintToken function of a smart contract implementation for UltimateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13770
MISC
MISC
ethereum — upaytoken
 
The mintToken function of a smart contract implementation for UPayToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13563
MISC
MISC
ethereum — utbtokentest_token The mintToken function of a smart contract implementation for UTBTokenTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13667
MISC
MISC
ethereum — utct_token The mintToken function of a smart contract implementation for UTCT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13559
MISC
MISC
ethereum — vanminhcoin_token The mintToken function of a smart contract implementation for VanMinhCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13747
MISC
MISC
ethereum — vicetoken_ico_is_a_scam_token The mintToken function of a smart contract implementation for VICETOKEN_ICO_IS_A_SCAM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13618
MISC
MISC
ethereum — virtual_energy_units_token The mintToken function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13639
MISC
MISC
ethereum — vitemoneycoin_token The mintToken function of a smart contract implementation for ViteMoneyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13682
MISC
MISC
ethereum — vittoken The mintToken function of a smart contract implementation for VITToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13508
MISC
MISC
ethereum — vornox_token The mintToken function of a smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13685
MISC
MISC
ethereum — vsctoken The mintToken function of a smart contract implementation for VSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13475
MISC
MISC
ethereum — wangwangtoken The mintToken function of a smart contract implementation for WangWangToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13526
MISC
MISC
ethereum — welfare_token_fund_token The mintToken function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13510
MISC
MISC
ethereum — wellieat_token The mintToken function of a smart contract implementation for wellieat, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13604
MISC
MISC
ethereum — wemediachain_token An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user’s balance. 2018-07-12 not yet calculated CVE-2018-14003
MISC
MISC
ethereum — worldopctionchain_token The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13662
MISC
MISC
ethereum — wxsltoken The mintToken function of a smart contract implementation for WXSLToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13624
MISC
MISC
ethereum — yambyo_token The mintToken function of a smart contract implementation for YAMBYO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13675
MISC
MISC
ethereum — yasudem_token The mintToken function of a smart contract implementation for yasudem, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13584
MISC
MISC
ethereum — yestoken The mintToken function of a smart contract implementation for YESToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13575
MISC
MISC
ethereum — ylctoken The mintToken function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13779
MISC
MISC
ethereum — yss_token The mintToken function of a smart contract implementation for YSS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13707
MISC
MISC
ethereum — yumerium_token The mintToken function of a smart contract implementation for Yumerium, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13762
MISC
MISC
ethereum — zibtoken The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13542
MISC
MISC
ethereum — zip_token The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13684
MISC
MISC
ethereum — zpecoin_token The mintToken function of a smart contract implementation for ZPEcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13679
MISC
MISC
ethereum — ztoken The mintToken function of a smart contract implementation for ZToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. 2018-07-09 not yet calculated CVE-2018-13768
MISC
MISC
exiv2 — exiv2
 
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. 2018-07-13 not yet calculated CVE-2018-14046
MISC
f5 — big-ip
 
The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 for Linux and Mac OS X runs as a privileged process and can allow an unprivileged user to assume super-user privileges on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or disrupt service. 2018-07-12 not yet calculated CVE-2018-5529
BID
CONFIRM

firebase — firebase

The “Firebase Cloud Messaging (FCM) + Advance Admin Panel” component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter. 2018-07-10 not yet calculated CVE-2018-13850
MISC
forescout — counteract On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property. 2018-07-13 not yet calculated CVE-2016-9486
BID
CERT-VN
forescout — counteract On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account. 2018-07-13 not yet calculated CVE-2016-9485
BID
CERT-VN
fortify — software_security_center An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. 2018-07-12 not yet calculated CVE-2018-12463
CONFIRM
foscam — cameras Stack-based buffer overflow in the getSWFlag function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to cause a denial of service (crash and reboot), via the callbackJson parameter. 2018-07-09 not yet calculated CVE-2018-6832
MISC
CONFIRM
foscam — cameras Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the URI path component. 2018-07-09 not yet calculated CVE-2018-6830
MISC
CONFIRM
foscam — cameras
 
The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite V2 2.52.2.47 and earlier, FI9800P, FI9800P V2, FI9803P V2, FI9803P V3, and FI9851P V2 2.54.2.47 and earlier, FI9815P, FI9815P V2, FI9816P, and FI9816P V2, 2.51.2.47 and earlier, R2 and R4 2.71.1.59 and earlier, C2 and FI9961EP 2.72.1.59 and earlier, FI9900EP, FI9900P, and FI9901EP 2.74.1.59 and earlier, FI9928P 2.74.1.58 and earlier, FI9803EP and FI9853EP 2.22.2.31 and earlier, FI9803P and FI9851P 2.24.2.31 and earlier, FI9821P V2, FI9826P V2, FI9831P V2, and FI9821EP 2.21.2.31 and earlier, FI9821W V2, FI9831W, FI9826W, FI9821P, FI9831P, and FI9826P 2.11.1.120 and earlier, FI9818W V2 2.13.2.120 and earlier, FI9805W, FI9804W, FI9804P, FI9805E, and FI9805P 2.14.1.120 and earlier, FI9828P, and FI9828W 2.13.1.120 and earlier, and FI9828P V2 2.11.1.133 and earlier allows remote authenticated users to execute arbitrary commands via a ‘;’ in the ntpServer argument. NOTE: this issue exists because of an incomplete fix for CVE-2017-2849. 2018-07-09 not yet calculated CVE-2018-6831
MISC
CONFIRM
freebsd — freebsd Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37. 2018-07-13 not yet calculated CVE-2016-6559
SECTRACK
FREEBSD
CERT-VN
BID
freesshd — freesshd
 
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server. 2018-07-10 not yet calculated CVE-2018-9853
MISC
g_data — total_security The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument. 2018-07-13 not yet calculated CVE-2018-10018
FULLDISC
genann — genann
 
Genann through 2018-07-08 has a SEGV in genann_run in genann.c. 2018-07-12 not yet calculated CVE-2018-13997
MISC
genann — genann
 
Genann through 2018-07-08 has a stack-based buffer over-read in genann_train in genann.c. 2018-07-12 not yet calculated CVE-2018-13996
MISC
gigabyte — brix_platform GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected. 2018-07-09 not yet calculated CVE-2017-3198
BID
MISC
CERT-VN
gigabyte — brix_platform GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. 2018-07-09 not yet calculated CVE-2017-3197
BID
MISC
MISC
MISC
CERT-VN
gravity — gravity
 
Gravity before 0.5.1 does not support a maximum recursion depth. 2018-07-09 not yet calculated CVE-2018-13795
MISC
green_packet — dx-350 Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device. 2018-07-13 not yet calculated CVE-2016-6552
CERT-VN
BID
grundig — smart_inter@ctive_tv_devices Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device. 2018-07-11 not yet calculated CVE-2018-13989
MISC
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c. 2018-07-10 not yet calculated CVE-2018-13870
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c. 2018-07-10 not yet calculated CVE-2018-13868
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread. 2018-07-10 not yet calculated CVE-2018-13876
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c. 2018-07-10 not yet calculated CVE-2018-13871
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c. 2018-07-10 not yet calculated CVE-2018-13873
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c. 2018-07-10 not yet calculated CVE-2018-13866
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_new_decode in H5Ofill.c, related to HDmemcpy. 2018-07-12 not yet calculated CVE-2018-14032
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c. 2018-07-10 not yet calculated CVE-2018-13867
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c. 2018-07-12 not yet calculated CVE-2018-14035
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c. 2018-07-12 not yet calculated CVE-2018-14034
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c. 2018-07-10 not yet calculated CVE-2018-13872
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c. 2018-07-10 not yet calculated CVE-2018-13875
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c. 2018-07-10 not yet calculated CVE-2018-13869
MISC
hdf — hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset. 2018-07-10 not yet calculated CVE-2018-13874
MISC
hdf — hdf5
 
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy. 2018-07-12 not yet calculated CVE-2018-14033
MISC
hdf — hdf5
 
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c. 2018-07-12 not yet calculated CVE-2018-14031
MISC
htslib — htslib
 
An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c. 2018-07-10 not yet calculated CVE-2018-13845
MISC
htslib — htslib
 
An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. 2018-07-10 not yet calculated CVE-2018-13843
MISC
htslib — htslib
 
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. 2018-07-10 not yet calculated CVE-2018-13844
MISC
hughes — satellite_modems Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot. 2018-07-13 not yet calculated CVE-2016-9496
CERT-VN
BID
hughes — satellite_modems Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem. 2018-07-13 not yet calculated CVE-2016-9497
CERT-VN
BID
hughes — satellite_modems Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device’s advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service. 2018-07-13 not yet calculated CVE-2016-9494
CERT-VN
BID
hughes — satellite_modems Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device’s default telnet port (23) can be obtained through using one of a few default credentials shared among all devices. 2018-07-13 not yet calculated CVE-2016-9495
CERT-VN
BID
ibm — api_connect IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 142657. 2018-07-09 not yet calculated CVE-2018-1548
CONFIRM
BID
XF
ibm — db2_for_linux_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209. 2018-07-10 not yet calculated CVE-2018-1458
SECTRACK
XF
CONFIRM
ibm — db2_for_linux_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972. 2018-07-10 not yet calculated CVE-2018-1487
CONFIRM
SECTRACK
XF
ibm — db2_for_linux_unix_and_windows IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023. 2018-07-10 not yet calculated CVE-2018-1566
CONFIRM
BID
SECTRACK
XF
ibm — infosphere_data_replication_dashboard Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127. 2018-07-09 not yet calculated CVE-2013-3001
XF
CONFIRM
ibm — infosphere_data_replication_dashboard SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116. 2018-07-09 not yet calculated CVE-2013-3000
XF
CONFIRM
ibm — infosphere_data_replication_dashboard Cross-site scripting (XSS) vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 84115. 2018-07-09 not yet calculated CVE-2013-2999
XF
CONFIRM
ibm — inotes Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383. 2018-07-11 not yet calculated CVE-2013-0594
XF
CONFIRM
ibm — inotes IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to bypass the remote image filtering mechanism and obtain sensitive information via a crafted e-mail message. IBM X-Force ID: 83371. 2018-07-11 not yet calculated CVE-2013-0589
XF
CONFIRM
ibm — inotes
 
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815. 2018-07-11 not yet calculated CVE-2013-0592
XF
CONFIRM
ibm — jazz_foundation IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. IBM X-Force ID: 139026. 2018-07-10 not yet calculated CVE-2018-1423
CONFIRM
XF
ibm — jazz_foundation IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server’s failure to properly log out from the previous session. IBM X-Force ID: 140977. 2018-07-10 not yet calculated CVE-2018-1492
CONFIRM
XF
ibm — rational_quality_manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141804. 2018-07-10 not yet calculated CVE-2018-1523
CONFIRM
XF
ibm — rational_quality_manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137038. 2018-07-10 not yet calculated CVE-2017-1793
CONFIRM
XF
ibm — rational_quality_manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137037. 2018-07-10 not yet calculated CVE-2017-1792
CONFIRM
XF
ibm — rational_quality_manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 contains an undisclosed vulnerability that would allow an authenticated user to obtain elevated privileges. IBM X-Force ID: 134919. 2018-07-10 not yet calculated CVE-2017-1738
CONFIRM
XF
ibm — rational_quality_manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 142658. 2018-07-10 not yet calculated CVE-2018-1549
CONFIRM
XF
ibm — rational_quality_manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137036. 2018-07-10 not yet calculated CVE-2017-1791
CONFIRM
XF
ibm — rational_quality_manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138429. 2018-07-10 not yet calculated CVE-2018-1396
CONFIRM
XF
ibm — rational_quality_manager IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134909. 2018-07-10 not yet calculated CVE-2017-1729
CONFIRM
XF
ibm — rational_team_concert IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138445. 2018-07-10 not yet calculated CVE-2018-1407
XF
CONFIRM
ibm — rational_team_concert IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138446. 2018-07-10 not yet calculated CVE-2018-1408
XF
CONFIRM
ibm — rational_team_concert IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141802. 2018-07-10 not yet calculated CVE-2018-1521
XF
CONFIRM
ibm — security_identity_governance_and_intelligence_virtual_appliance IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 127341. 2018-07-13 not yet calculated CVE-2017-1395
CONFIRM
XF
ibm — security_identity_governance_and_intelligence_virtual_appliance IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126860. 2018-07-13 not yet calculated CVE-2017-1367
CONFIRM
XF
ibm — system_networking_and_blade_network_technology_switches The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances by eavesdropping on the broadcast domain. IBM X-Force ID: 83166. 2018-07-13 not yet calculated CVE-2013-0570
XF
CONFIRM
ibm — tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353. 2018-07-09 not yet calculated CVE-2013-3017
XF
CONFIRM
ibm — websphere_cast_iron IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM X-Force ID: 83868. 2018-07-11 not yet calculated CVE-2013-2972
XF
CONFIRM
ibm — websphere_portal IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621. 2018-07-11 not yet calculated CVE-2013-2951
CONFIRM
XF
idreamsoft — icms
 
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. 2018-07-10 not yet calculated CVE-2018-13865
MISC
intel — converged_security_manageability_engine_firmware Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet. 2018-07-10 not yet calculated CVE-2018-3628
CONFIRM
intel — converged_security_manageability_engine_firmware Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system. 2018-07-10 not yet calculated CVE-2018-3632
CONFIRM
intel — converged_security_manageability_engine_firmware Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet. 2018-07-10 not yet calculated CVE-2018-3629
CONFIRM
intel — converged_security_management_engine Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access. 2018-07-10 not yet calculated CVE-2018-3627
CONFIRM
intel — multiple_core_processors
 
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges. 2018-07-10 not yet calculated CVE-2017-5704
CONFIRM
intel — multiple_xeon_processors Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces. 2018-07-10 not yet calculated CVE-2018-3652
CONFIRM
intel — optane_memory_module Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access. 2018-07-10 not yet calculated CVE-2018-3619
CONFIRM
intel — processor_diagnostic_tool Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code. 2018-07-10 not yet calculated CVE-2018-3668
CONFIRM
intel — processor_diagnostic_tool Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation. 2018-07-10 not yet calculated CVE-2018-3667
CONFIRM
intel — quartus_ii Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 – 15.0 allow a local attacker to potentially execute arbitrary code. 2018-07-10 not yet calculated CVE-2018-3687
CONFIRM
intel — quartus_ii Unquoted service paths in Intel Quartus II in versions 11.0 – 15.0 allow a local attacker to potentially execute arbitrary code. 2018-07-10 not yet calculated CVE-2018-3684
CONFIRM
intel — quartus_prime Unquoted service paths in Intel Quartus Prime in versions 15.1 – 18.0 allow a local attacker to potentially execute arbitrary code. 2018-07-10 not yet calculated CVE-2018-3683
CONFIRM
intel — quartus_prime_programmer_and_tools Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 – 18.0 allow a local attacker to potentially execute arbitrary code. 2018-07-10 not yet calculated CVE-2018-3688
CONFIRM
intellian_technologies — satellite_tv_t-series_and_v-series_firmware
 
Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device. 2018-07-13 not yet calculated CVE-2016-6551
BID
CERT-VN
itrack — itrack_easy A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device. 2018-07-13 not yet calculated CVE-2016-6543
BID
MISC
CERT-VN
itrack — itrack_easy The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext. 2018-07-13 not yet calculated CVE-2016-6546
BID
MISC
CERT-VN
itrack — itrack_easy getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device. 2018-07-13 not yet calculated CVE-2016-6544
BID
MISC
CERT-VN
itrack — itrack_easy Session cookies are not used for maintaining valid sessions in iTrack Easy. The user’s password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password. 2018-07-13 not yet calculated CVE-2016-6545
BID
MISC
CERT-VN
itrack — itrack_easy
 
The iTrack device tracking ID number, also called “LosserID” in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device’s BLE MAC address. 2018-07-13 not yet calculated CVE-2016-6542
BID
MISC
CERT-VN
jenkins — jenkins Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later. 2018-07-09 not yet calculated CVE-2018-1000403
CONFIRM
jenkins — jenkins Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later. 2018-07-09 not yet calculated CVE-2018-1000401
CONFIRM
jenkins — jenkins
 
Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later. 2018-07-09 not yet calculated CVE-2018-1000404
CONFIRM
jenkins — jenkins
 
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later. 2018-07-09 not yet calculated CVE-2018-1000402
CONFIRM
jester — jester
 
Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via “..%f” sequences. 2018-07-09 not yet calculated CVE-2018-13034
CONFIRM
jfrog — artifactory JFrog Artifactory version since 5.11 contains a Cross-site Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. This attack appear to be exploitable via The victim must run maliciously crafted flash component. This vulnerability appears to have been fixed in 6.1. 2018-07-13 not yet calculated CVE-2018-1000206
MISC
CONFIRM
CONFIRM
jfrog — artifactory
 
JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The “Import Repository from Zip” feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. This attack appear to be exploitable via An attacker with Admin privileges may use the aforementioned UI endpoint and exploit the publicly known “Zip Slip” vulnerability, to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3. 2018-07-09 not yet calculated CVE-2018-1000623
CONFIRM
juniper_networks — contrail_service_orchestration Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone. 2018-07-11 not yet calculated CVE-2018-0041
CONFIRM
juniper_networks — contrail_service_orchestration Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana. 2018-07-11 not yet calculated CVE-2018-0039
CONFIRM
juniper_networks — contrail_service_orchestration Juniper Networks Contrail Service Orchestration versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services. 2018-07-11 not yet calculated CVE-2018-0040
CONFIRM
juniper_networks — contrail_service_orchestration Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability. 2018-07-11 not yet calculated CVE-2018-0042
CONFIRM
juniper_networks — contrail_service_orchestration Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra. 2018-07-11 not yet calculated CVE-2018-0038
CONFIRM
juniper_networks — junos_os When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series. 2018-07-11 not yet calculated CVE-2018-0025
BID
CONFIRM
MISC
MISC
MISC
juniper_networks — junos_os Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1. 2018-07-11 not yet calculated CVE-2018-0027
BID
CONFIRM
juniper_networks — junos_os Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K: 15.1F versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D46; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90; 17.3 versions prior to 17.3R1-S4, 17.3R2, 17.4 versions prior to 17.4R1-S2, 17.4R2. Refer to KB25385 for more information about PFE line cards. 2018-07-11 not yet calculated CVE-2018-0030
CONFIRM
MISC
juniper_networks — junos_os A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. This issue is limited to systems which receives IPv6 DHCP packets on a system configured for DHCP processing using the JDHCPD daemon. This issue does not affect IPv4 DHCP packet processing. Affected releases are Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S10 on EX Series; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200; 15.1X53 versions prior to 15.1X53-D471 on NFX 150, NFX 250; 16.1 versions prior to 16.1R3-S9, 16.1R4-S8, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2. 2018-07-11 not yet calculated CVE-2018-0034
MISC
CONFIRM
juniper_networks — junos_os An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100;; 15.1X49 versions prior to 15.1X49-D20 on SRX Series. 2018-07-11 not yet calculated CVE-2018-0024
BID
CONFIRM
juniper_networks — junos_os Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5. 2018-07-11 not yet calculated CVE-2018-0031
CONFIRM
juniper_networks — junos_os After Junos OS device reboot or upgrade, the stateless firewall filter configuration may not take effect. This issue can be verified by running the command: user@re0> show interfaces <interface_name> extensive | match filters” CAM destination filters: 0, CAM source filters: 0 Note: when the issue occurs, it does not show the applied firewall filter. The correct output should show the applied firewall filter, for example: user@re0> show interfaces <interface_name> extensive | match filters” CAM destination filters: 0, CAM source filters: 0 Input Filters: FIREWAL_FILTER_NAME-<interface_name> This issue affects firewall filters for every address family. Affected releases are Juniper Networks Junos OS: 15.1R4, 15.1R5, 15.1R6 and SRs based on these MRs. 15.1X8 versions prior to 15.1X8.3. 2018-07-11 not yet calculated CVE-2018-0026
BID
CONFIRM
juniper_networks — junos_os While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the ‘monitor traffic interface fxp0’ can cause the system to crash and restart (vmcore). This issue only affects Junos OS 15.1 and later releases, and affects both single core and multi-core REs. Releases prior to Junos OS 15.1 are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S11, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R5-S4, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D90, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2. 2018-07-11 not yet calculated CVE-2018-0029
CONFIRM
juniper_networks — junos_os QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the .bin or .iso images may contain an unintended additional Open Network Install Environment (ONIE) partition. This additional partition allows the superuser to reboot to the ONIE partition which will wipe out the content of the Junos partition and its configuration. Once rebooted, the ONIE partition will not have root password configured, thus any user can access the console or SSH, using an IP address acquired from DHCP, as root without password. Once the device has been shipped or upgraded with the ONIE partition installed, the issue will persist. Simply upgrading to higher release via the CLI will not resolve the issue. No other Juniper Networks products or platforms are affected by this issue. 2018-07-11 not yet calculated CVE-2018-0035
CONFIRM
juniper_networks — junos_os The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2. 2018-07-11 not yet calculated CVE-2018-0032
CONFIRM
juniper_networks — junos_os Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Due to design improvements, this issue does not affect Junos OS 16.1R1, and all subsequent releases. This issue only affects the receiving BGP device and is non-transitive in nature. Affected releases are Juniper Networks Junos OS: 15.1F5 versions starting from 15.1F5-S7 and all subsequent releases; 15.1F6 versions starting from 15.1F6-S3 and later releases prior to 15.1F6-S10; 15.1F7 versions 15.1 versions starting from 15.1R5 and later releases, including the Service Releases based on 15.1R5 and on 15.1R6 prior to 15.1R6-S6 and 15.1R7; 2018-07-11 not yet calculated CVE-2018-0037
CONFIRM
komoot — komoot_cycling_and_hiking_maps_app_for_ios
 
The komoot GmbH “Komoot – Cycling & Hiking Maps” app before 9.3.2 — aka komoot-cycling-hiking-maps/id447374873 — for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2018-07-12 not yet calculated CVE-2017-14709
MISC

legion_of_the_bouncy_castle — bouncy_castle_java_cryptography_apis

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs version prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application.. This vulnerability appears to have been fixed in 1.60 and later. 2018-07-09 not yet calculated CVE-2018-1000613
CONFIRM
CONFIRM
lenovo — help_android_app The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI. 2018-07-13 not yet calculated CVE-2018-9067
CONFIRM
lenovo — smart_assistant_android_app
 
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo. 2018-07-13 not yet calculated CVE-2018-9070
CONFIRM
libgit2 — libgit2
 
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. 2018-07-10 not yet calculated CVE-2018-10887
CONFIRM
CONFIRM
CONFIRM
CONFIRM
libgit2 — libgit2
 
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. 2018-07-10 not yet calculated CVE-2018-10888
CONFIRM
CONFIRM
CONFIRM
libpng — libpng
 
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. 2018-07-09 not yet calculated CVE-2018-13785
MISC
MISC
UBUNTU
libpng — libpng
 
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. 2018-07-13 not yet calculated CVE-2018-14048
MISC
MISC
libwav — libwav The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop. 2018-07-13 not yet calculated CVE-2018-14051
MISC
MISC
libwav — libwav An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c. 2018-07-13 not yet calculated CVE-2018-14050
MISC
MISC
libwav — libwav
 
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c. 2018-07-13 not yet calculated CVE-2018-14049
MISC
MISC
libwav — libwav
 
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c. 2018-07-13 not yet calculated CVE-2018-14052
MISC
MISC
linux — linux_kernel It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as ‘.dns_resolver’ in RHEL-7 or ‘.builtin_trusted_keys’ upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. 2018-07-11 not yet calculated CVE-2016-9604
CONFIRM
BID
REDHAT
REDHAT
REDHAT
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE. 2018-07-10 not yet calculated CVE-2018-10872
REDHAT
CONFIRM
linux — linux_kernel
 
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. 2018-07-06 not yet calculated CVE-2018-13406
MISC
BID
MISC
MISC
linux — linux_kernel
 
Lack of copy_from_user and information leak in function “msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel 2018-07-06 not yet calculated CVE-2017-15851
MISC
MISC
mailman — mailman
 
Unspecified vulnerability in Mailman before 2.1.28 has unknown impact and attack vectors. 2018-07-12 not yet calculated CVE-2018-13796
MLIST
manageengine — applications_manager ManageEngine Applications Manager 12 and 13 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system. 2018-07-13 not yet calculated CVE-2016-9491
FULLDISC
BID
medtronic — n’vision_clinician_programmer_and_n’vision_removable_application_card Medtronic N’Vision Clinician Programmer 8840 N’Vision Clinician Programmer, all versions, and 8870 N’Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer. 2018-07-13 not yet calculated CVE-2018-10631
MISC
MISC
microsoft — .net_framework A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka “.NET Framework Remote Code Injection Vulnerability.” This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. 2018-07-10 not yet calculated CVE-2018-8284
BID
SECTRACK
CONFIRM
microsoft — .net_framework An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka “.NET Framework Elevation of Privilege Vulnerability.” This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. 2018-07-10 not yet calculated CVE-2018-8202
BID
SECTRACK
CONFIRM
microsoft — .net_framework A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka “.NET Framework Security Feature Bypass Vulnerability.” This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. 2018-07-10 not yet calculated CVE-2018-8356
BID
SECTRACK
CONFIRM
microsoft — .net_framework
 
A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka “.NET Framework Remote Code Execution Vulnerability.” This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2. 2018-07-10 not yet calculated CVE-2018-8260
BID
SECTRACK
CONFIRM
microsoft — access_and_office A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka “Microsoft Access Remote Code Execution Vulnerability.” This affects Microsoft Access, Microsoft Office. 2018-07-10 not yet calculated CVE-2018-8312
BID
SECTRACK
CONFIRM
microsoft — active_directory_federation_services A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka “Open Source Customization for Active Directory Federation Services XSS Vulnerability.” This affects Web Customizations. 2018-07-10 not yet calculated CVE-2018-8326
BID
SECTRACK
CONFIRM
microsoft — chakracore A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296. 2018-07-10 not yet calculated CVE-2018-8298
BID
CONFIRM
microsoft — chakracore_and_edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301. 2018-07-10 not yet calculated CVE-2018-8275
BID
SECTRACK
CONFIRM
microsoft — chakracore_and_edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294. 2018-07-10 not yet calculated CVE-2018-8280
BID
SECTRACK
CONFIRM
microsoft — chakracore_and_edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8290, CVE-2018-8294. 2018-07-10 not yet calculated CVE-2018-8286
BID
SECTRACK
CONFIRM
microsoft — chakracore_and_edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301. 2018-07-10 not yet calculated CVE-2018-8279
BID
SECTRACK
CONFIRM
microsoft — chakracore_and_edge A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka “Scripting Engine Security Feature Bypass Vulnerability.” This affects Microsoft Edge, ChakraCore. 2018-07-10 not yet calculated CVE-2018-8276
BID
SECTRACK
CONFIRM
microsoft — chakracore
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. 2018-07-10 not yet calculated CVE-2018-8283
BID
CONFIRM
microsoft — edge A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka “Microsoft Edge Spoofing Vulnerability.” This affects Microsoft Edge. 2018-07-10 not yet calculated CVE-2018-8278
BID
SECTRACK
CONFIRM
microsoft — edge An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8324. 2018-07-10 not yet calculated CVE-2018-8325
BID
SECTRACK
CONFIRM
microsoft — edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279. 2018-07-10 not yet calculated CVE-2018-8301
BID
SECTRACK
CONFIRM
microsoft — edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301. 2018-07-10 not yet calculated CVE-2018-8262
BID
SECTRACK
CONFIRM
microsoft — edge An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325. 2018-07-10 not yet calculated CVE-2018-8324
BID
SECTRACK
CONFIRM
microsoft — edge An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297, CVE-2018-8324, CVE-2018-8325. 2018-07-10 not yet calculated CVE-2018-8289
BID
SECTRACK
CONFIRM
microsoft — edge An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324, CVE-2018-8325. 2018-07-10 not yet calculated CVE-2018-8297
BID
SECTRACK
CONFIRM
microsoft — edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301. 2018-07-10 not yet calculated CVE-2018-8274
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8290. 2018-07-10 not yet calculated CVE-2018-8294
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8294. 2018-07-10 not yet calculated CVE-2018-8290
BID
SECTRACK
CONFIRM
microsoft — edge
 
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301. 2018-07-10 not yet calculated CVE-2018-8125
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8298. 2018-07-10 not yet calculated CVE-2018-8296
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. 2018-07-10 not yet calculated CVE-2018-8242
BID
SECTRACK
CONFIRM
microsoft — internet_explorer
 
A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka “Internet Explorer Security Feature Bypass Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. 2018-07-10 not yet calculated CVE-2018-0949
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. 2018-07-10 not yet calculated CVE-2018-8287
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298. 2018-07-10 not yet calculated CVE-2018-8291
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — multiple_products A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. 2018-07-10 not yet calculated CVE-2018-8222
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. 2018-07-10 not yet calculated CVE-2018-8288
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — office A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability.” This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer. 2018-07-10 not yet calculated CVE-2018-8281
BID
SECTRACK
CONFIRM
microsoft — powerpoint
 
An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote code execution. 2018-07-11 not yet calculated CVE-2018-3929
MISC
microsoft — powershell A remote code execution vulnerability exists in PowerShell Editor Services, aka “PowerShell Editor Services Remote Code Execution Vulnerability.” This affects PowerShell Editor, PowerShell Extension. 2018-07-10 not yet calculated CVE-2018-8327
BID
SECTRACK
CONFIRM
microsoft — research_javascript_cryptography_library
 
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka “MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability.” This affects Microsoft Research JavaScript Cryptography Library. 2018-07-10 not yet calculated CVE-2018-8319
BID
SECTRACK
CONFIRM
microsoft — sharepoint An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft SharePoint Elevation of Privilege Vulnerability.” This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323. 2018-07-10 not yet calculated CVE-2018-8299
BID
SECTRACK
CONFIRM
microsoft — sharepoint A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka “Microsoft SharePoint Remote Code Execution Vulnerability.” This affects Microsoft SharePoint. 2018-07-10 not yet calculated CVE-2018-8300
BID
SECTRACK
CONFIRM
microsoft — sharepoint_server An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka “Microsoft SharePoint Elevation of Privilege Vulnerability.” This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8299. 2018-07-10 not yet calculated CVE-2018-8323
BID
SECTRACK
CONFIRM
microsoft — skype_and_lync A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka “Remote Code Execution Vulnerability in Skype For Business and Lync.” This affects Skype, Microsoft Lync. 2018-07-10 not yet calculated CVE-2018-8311
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — skype_and_lync A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka “Skype for Business and Lync Security Feature Bypass Vulnerability.” This affects Skype, Microsoft Lync. 2018-07-10 not yet calculated CVE-2018-8238
BID
CONFIRM
microsoft — visual_studio A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka “Visual Studio Remote Code Execution Vulnerability.” This affects Microsoft Visual Studio, Expression Blend 4. 2018-07-10 not yet calculated CVE-2018-8172
BID
SECTRACK
CONFIRM
microsoft — visual_studio A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka “Microsoft Macro Assembler Tampering Vulnerability.” This affects Microsoft Visual Studio. 2018-07-10 not yet calculated CVE-2018-8232
BID
SECTRACK
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-07-10 not yet calculated CVE-2018-8282
BID
SECTRACK
CONFIRM
microsoft — windows A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka “WordPad Security Feature Bypass Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-07-10 not yet calculated CVE-2018-8307
BID
SECTRACK
CONFIRM
microsoft — windows A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka “Windows FTP Server Denial of Service Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-07-10 not yet calculated CVE-2018-8206
BID
SECTRACK
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka “Windows Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8314. 2018-07-10 not yet calculated CVE-2018-8313
BID
SECTRACK
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka “Windows Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313. 2018-07-10 not yet calculated CVE-2018-8314
BID
SECTRACK
CONFIRM
microsoft — windows A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka “Windows DNSAPI Denial of Service Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-07-10 not yet calculated CVE-2018-8304
BID
SECTRACK
CONFIRM
microsoft — windows An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka “Windows Kernel Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-07-10 not yet calculated CVE-2018-8308
BID
CONFIRM
microsoft — windows A denial of service vulnerability exists when Windows improperly handles objects in memory, aka “Windows Denial of Service Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-07-10 not yet calculated CVE-2018-8309
BID
SECTRACK
CONFIRM
microsoft — windows An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka “Windows Mail Client Information Disclosure Vulnerability.” This affects Mail, Calendar, and People in Windows 8.1 App Store. 2018-07-10 not yet calculated CVE-2018-8305
BID
SECTRACK
CONFIRM
microsoft — wireless_display_adapter_v2_software A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka “Microsoft Wireless Display Adapter Command Injection Vulnerability.” This affects Microsoft Wireless Display Adapter V2 Software. 2018-07-10 not yet calculated CVE-2018-8306
BID
SECTRACK
CONFIRM
microsoft — word_and_office A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka “Microsoft Office Tampering Vulnerability.” This affects Microsoft Word, Microsoft Office. 2018-07-10 not yet calculated CVE-2018-8310
BID
CONFIRM
microworld — escan_internet_security_suite_for_business In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD). 2018-07-13 not yet calculated CVE-2018-10098
FULLDISC
minicom — minicom
 
A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process. 2018-07-11 not yet calculated CVE-2017-7467
MLIST
BID
CONFIRM
GENTOO
modulestate.cpp — modulestate.cpp
 
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. 2018-07-08 not yet calculated CVE-2018-13440
MISC
modx — revolution MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980. 2018-07-13 not yet calculated CVE-2018-1000208
CONFIRM
modx — revolution
 
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68. 2018-07-13 not yet calculated CVE-2018-1000207
CONFIRM
CONFIRM
mongodb — bson
 
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string. 2018-07-10 not yet calculated CVE-2018-13863
MISC
MISC
moodle — moodle
 
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank. 2018-07-10 not yet calculated CVE-2018-10891
BID
CONFIRM
moodle — moodle
 
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester. 2018-07-10 not yet calculated CVE-2018-10889
BID
CONFIRM
moodle — moodle
 
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories. 2018-07-10 not yet calculated CVE-2018-10890
BID
CONFIRM
mp4v2 — mp4v2
 
A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. 2018-07-13 not yet calculated CVE-2018-14054
MISC
mstdlib — mstdlib
 
mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then would have access to the data. 2018-07-13 not yet calculated CVE-2018-14043
CONFIRM
CONFIRM
multiple_vendors — ieee_p1735_implementations The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. 2018-07-13 not yet calculated CVE-2017-13096
BID
CERT-VN
multiple_vendors — ieee_p1735_implementations The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. 2018-07-13 not yet calculated CVE-2017-13094
BID
CERT-VN
multiple_vendors — ieee_p1735_implementations The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. 2018-07-13 not yet calculated CVE-2017-13092
BID
CERT-VN
multiple_vendors — ieee_p1735_implementations The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. 2018-07-13 not yet calculated CVE-2017-13093
BID
CERT-VN
multiple_vendors — ieee_p1735_implementations The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. 2018-07-13 not yet calculated CVE-2017-13097
BID
CERT-VN
multiple_vendors — ieee_p1735_implementations The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. 2018-07-13 not yet calculated CVE-2017-13091
BID
CERT-VN
multiple_vendors — ieee_p1735_implementations The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts. 2018-07-13 not yet calculated CVE-2017-13095
BID
CERT-VN
mycroft_ai — mycroft-core Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Linux and “non-enclosure” installs – Mark 1 and Picroft unaffected. This attack appear to be exploitable remote access to the unsecured websocket server. This vulnerability appears to have been fixed in No fix currently available. 2018-07-09 not yet calculated CVE-2018-1000621
MISC
MISC
nagios — nagios_core qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. 2018-07-12 not yet calculated CVE-2018-13458
MISC

nagios — nagios_core

qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. 2018-07-12 not yet calculated CVE-2018-13457
MISC
nagios — nagios_core qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. 2018-07-12 not yet calculated CVE-2018-13441
MISC
netiq — edirectory
 
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. 2018-07-10 not yet calculated CVE-2018-12461
CONFIRM
netiq — imanager NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. 2018-07-10 not yet calculated CVE-2018-12462
CONFIRM
nextlabs — sap_dynamic_authorization_management Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. 2018-07-10 not yet calculated CVE-2018-2440
MISC
CONFIRM
node.js– node.js The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. 2018-07-10 not yet calculated CVE-2018-13797
MISC
MISC
MISC
MISC
nuuo — nt-4040_titan Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device. 2018-07-13 not yet calculated CVE-2016-6553
BID
CERT-VN
olli_parviainen — soundtouch The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. 2018-07-13 not yet calculated CVE-2018-14045
MISC
olli_parviainen — soundtouch The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. 2018-07-13 not yet calculated CVE-2018-14044
MISC
onos — onos_controller ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.. 2018-07-09 not yet calculated CVE-2018-1000615
MISC
CONFIRM
onos — onos_controller ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message. 2018-07-09 not yet calculated CVE-2018-1000614
MISC
CONFIRM
onos — onos_controller
 
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity. 2018-07-09 not yet calculated CVE-2018-1000616
MISC
CONFIRM
ovidentia — ovidentia
 
Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons. 2018-07-09 not yet calculated CVE-2018-1000619
MISC
MISC
MISC
php_formmail_generator — php_formmail_generator_website The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server. 2018-07-13 not yet calculated CVE-2016-9483
BID
CERT-VN
php_formmail_generator — php_formmail_generator_website Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel 2018-07-13 not yet calculated CVE-2016-9482
BID
CERT-VN
php_formmail_generator — php_formmail_generator_website The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename. 2018-07-13 not yet calculated CVE-2016-9492
BID
CERT-VN
php_formmail_generator — php_formmail_generator_website The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename. 2018-07-13 not yet calculated CVE-2016-9493
BID
CERT-VN
php_formmail_generator — php_formmail_generator_website The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable. 2018-07-13 not yet calculated CVE-2016-9484
BID
CERT-VN
php_scripts_mall — auditor_website PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter. 2018-07-09 not yet calculated CVE-2018-13256
MISC
pivotal — operations_manager
 
Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG. 2018-07-11 not yet calculated CVE-2018-11045
CONFIRM
polkit — polkit
 
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. 2018-07-10 not yet calculated CVE-2018-1116
CONFIRM
CONFIRM
prestashop — prestashop
 
PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php. 2018-07-09 not yet calculated CVE-2018-13784
MISC
MISC
MISC
qemu — qemu
 
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. 2018-07-09 not yet calculated CVE-2017-7471
MLIST
BID
CONFIRM
CONFIRM
GENTOO
qualcomm — android In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference. 2018-07-06 not yet calculated CVE-2018-3570
MISC
MISC
qualcomm — android Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. 2018-07-06 not yet calculated CVE-2018-11304
CONFIRM
MISC
qualcomm — android Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. 2018-07-06 not yet calculated CVE-2018-5907
CONFIRM
MISC
qutebrowser — qutebrowser
 
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access ‘qute://*’ URLs. A malicious website could exploit this to load a ‘qute://settings/set’ URL, which then sets ‘editor.command’ to a bash script, resulting in arbitrary code execution. 2018-07-12 not yet calculated CVE-2018-10895
MLIST
CONFIRM
CONFIRM
radare2 — radare2
 
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c. 2018-07-12 not yet calculated CVE-2018-14015
MISC
MISC
radare2 — radare2
 
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new. 2018-07-12 not yet calculated CVE-2018-14017
MISC
MISC
radare2 — radare2
 
The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file. 2018-07-12 not yet calculated CVE-2018-14016
MISC
MISC
ragentek — android_software Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={“name”:”c_regist”,”details”:{…}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {“code”: “01”, “name”: “push_commands”, “details”: {“server_id”: “1” , “title”: “Test Command”, “comments”: “Test”, “commands”: “touch /tmp/test”}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0 2018-07-13 not yet calculated CVE-2016-6564
MISC
CERT-VN
BID
rocketchat — rocket.chat A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html. 2018-07-10 not yet calculated CVE-2018-13879
CONFIRM
rocketchat — rocket.chat
 
An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel. 2018-07-10 not yet calculated CVE-2018-13878
CONFIRM
rsa — identity_lifecycle_and_governance RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system. 2018-07-13 not yet calculated CVE-2018-1245
FULLDISC
rsa — identity_lifecycle_and_governance RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. 2018-07-13 not yet calculated CVE-2018-1255
FULLDISC
rsa — multiple_products
 
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system. 2018-07-11 not yet calculated CVE-2018-11049
FULLDISC
BID
SECTRACK
rust — rustdoc
 
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the –plugin flag without the –plugin-path flag. This vulnerability appears to have been fixed in 1.27.1. 2018-07-09 not yet calculated CVE-2018-1000622
CONFIRM
sap — businessobjects_business_intelligence_suite SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking. 2018-07-10 not yet calculated CVE-2018-2432
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence_suite SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. 2018-07-10 not yet calculated CVE-2018-2427
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence_suite SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2018-07-10 not yet calculated CVE-2018-2431
BID
MISC
CONFIRM
sap — gateway
 
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. 2018-07-10 not yet calculated CVE-2018-2433
MISC
CONFIRM
sap — internet_graphics_server The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification. 2018-07-10 not yet calculated CVE-2018-2437
BID
MISC
CONFIRM
sap — internet_graphics_server The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash. 2018-07-10 not yet calculated CVE-2018-2439
BID
MISC
CONFIRM
sap — internet_graphics_server
 
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. 2018-07-10 not yet calculated CVE-2018-2438
BID
MISC
CONFIRM
sap — netweaver SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2018-07-10 not yet calculated CVE-2018-2435
BID
MISC
CONFIRM
sap — netweaver
 
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. 2018-07-10 not yet calculated CVE-2018-2434
MISC
CONFIRM
sap — r/3_enterprise_retail Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 2018-07-10 not yet calculated CVE-2018-2436
BID
MISC
CONFIRM
seacms — seacms An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. 2018-07-08 not yet calculated CVE-2018-13445
MISC
seacms — seacms
 
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. 2018-07-08 not yet calculated CVE-2018-13444
MISC
sensu — sensu_core Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insecure Permissions vulnerability in Sensu Core on Windows platforms that can result in Unprivileged users may execute code in context of Sensu service account. This attack appear to be exploitable via Unprivileged user may place an arbitrary DLL in the c:\opt\sensu\embedded\bin directory in order to exploit standard Windows DLL load order behavior. This vulnerability appears to have been fixed in 1.4.2-3 and later. 2018-07-13 not yet calculated CVE-2018-1000209
CONFIRM
shdesigns — resident_download_manager SHDesigns’ Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is authentic before executing code and deploying the firmware to devices. A remote attacker with the ability to send UDP traffic to the device may be able to execute arbitrary code on the device. According to SHDesigns’ website, the Resident Download Manager and other Rabbit Tools have been discontinued since June 2011. 2018-07-13 not yet calculated CVE-2016-6567
BID
CERT-VN
shein_group — shein_fashion_shopping_app_for_ios
 
The Shein Group Ltd. “SHEIN – Fashion Shopping” app — aka shein fashion-shopping/id878577184 — for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2018-07-12 not yet calculated CVE-2017-14710
MISC
shoretel_communications — mobility_client_app On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials. 2018-07-13 not yet calculated CVE-2016-6562
MISC
CERT-VN
BID
shpock — shpock_boot_sale_and_classifieds_app
 
“Shpock Boot Sale & Classifieds” app before 3.17.0 — aka shpock-boot-sale-classifieds/id557153158 — for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2018-07-12 not yet calculated CVE-2017-14612
MISC
siemens — multiple_products
 
A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions). A service of the affected products listening on all of the host’s network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service’s client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. 2018-07-09 not yet calculated CVE-2018-4858
CONFIRM
siemens — teamcenter A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected. 2018-07-09 not yet calculated CVE-2018-11450
MISC

snapdragon — snapdragon_automobile_and_snapdragon_mobile

While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault. 2018-07-12 not yet calculated CVE-2017-18155
CONFIRM
softexpert — excellence_suite A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the “cddocument” parameter in the “Downloading Electronic Documents” section. 2018-07-09 not yet calculated CVE-2018-12977
EXPLOIT-DB
sonus — multiple_products A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. 2018-07-09 not yet calculated CVE-2018-11542
MISC
MISC
sonus — multiple_products A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. 2018-07-09 not yet calculated CVE-2018-11541
MISC
MISC
sonus — multiple_products A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. 2018-07-09 not yet calculated CVE-2018-11543
MISC
MISC
sophos — multiple_products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM. 2018-07-09 not yet calculated CVE-2018-6853
FULLDISC
CONFIRM
MISC
sophos — multiple_products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM. 2018-07-09 not yet calculated CVE-2018-6856
FULLDISC
CONFIRM
MISC
sophos — multiple_products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047. When some conditions in the user-controlled input buffer are not met, the driver writes an error code (0x2000001A) to a user-controlled address. Also, note that all the aforementioned IOCTLs use transfer type METHOD_NEITHER, which means that the I/O manager does not validate any of the supplied pointers and buffer sizes. So, even though the driver checks for input/output buffer sizes, it doesn’t validate if the pointers to those buffers are actually valid. So, we can supply a pointer for the output buffer to a kernel address space address, and the error code will be written there. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context. 2018-07-09 not yet calculated CVE-2018-6854
FULLDISC
CONFIRM
MISC
sophos — multiple_products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer we can control the execution path to the point where the constant 0xFFFFFFF will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context. 2018-07-09 not yet calculated CVE-2018-6855
FULLDISC
CONFIRM
MISC
sophos — multiple_products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM. 2018-07-09 not yet calculated CVE-2018-6852
FULLDISC
CONFIRM
MISC
sophos — multiple_products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context. 2018-07-09 not yet calculated CVE-2018-6857
FULLDISC
CONFIRM
MISC
sophos — multiple_products Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM. 2018-07-09 not yet calculated CVE-2018-6851
FULLDISC
CONFIRM
MISC
sungard — etrakit3 The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable. 2018-07-13 not yet calculated CVE-2016-6566
BID
CERT-VN
supermicro — multiple_products
 
Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. 2018-07-09 not yet calculated CVE-2018-13787
MISC
MISC
MISC
surfnet — openconext_engineblock SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerability that can result in Allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appear to be exploitable via the victim opening a specially crafted URL. 2018-07-09 not yet calculated CVE-2018-1000611
CONFIRM
swftools — swftools SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero. 2018-07-09 not yet calculated CVE-2017-16890
MISC
synology — nas_servers    Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device. 2018-07-13 not yet calculated CVE-2016-6554
CERT-VN
BID
CONFIRM
topdesk — topdesk Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for requests that can obtain sensitive information via unspecified vectors. 2018-07-11 not yet calculated CVE-2018-10232
CONFIRM
topdesk — topdesk
 
Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. 2018-07-11 not yet calculated CVE-2018-10231
CONFIRM
totalav — totalav
 
An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product’s files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product. 2018-07-13 not yet calculated CVE-2018-7535
FULLDISC
twig — twig
 
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. 2018-07-10 not yet calculated CVE-2018-13818
MISC
MISC
EXPLOIT-DB
universal_robots — robot_controllers In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. This enables a remote attacker who has access to the ports to remotely execute code that may allow root access to be obtained. 2018-07-11 not yet calculated CVE-2018-10635
BID
MISC
universal_robots — robot_controllers Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller. 2018-07-11 not yet calculated CVE-2018-10633
BID
MISC
videolan — vlc_media_player VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. 2018-07-11 not yet calculated CVE-2018-11529
FULLDISC
vmware — multiple_products VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6966 and CVE-2018-6967. 2018-07-09 not yet calculated CVE-2018-6965
BID
SECTRACK
CONFIRM
vmware — multiple_products VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6966. 2018-07-09 not yet calculated CVE-2018-6967
BID
SECTRACK
CONFIRM
vmware — multiple_products VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs, a different vulnerability than CVE-2018-6965 and CVE-2018-6967. 2018-07-09 not yet calculated CVE-2018-6966
BID
SECTRACK
CONFIRM
vmware — tools VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled. 2018-07-13 not yet calculated CVE-2018-6969
BID
CONFIRM
wago — e!display_devices An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM. 2018-07-12 not yet calculated CVE-2018-12979
FULLDISC
MISC
MISC
CONFIRM
wago — e!display_devices An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server. 2018-07-12 not yet calculated CVE-2018-12980
FULLDISC
MISC
MISC
CONFIRM
wago — e!display_devices An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user’s browser. 2018-07-12 not yet calculated CVE-2018-12981
FULLDISC
MISC
MISC
CONFIRM
waimai — super_cms
 
In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. 2018-07-12 not yet calculated CVE-2018-14014
MISC
wechat_pay — sdk WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. 2018-07-08 not yet calculated CVE-2018-13439
MISC
wolfsight — cms
 
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI. 2018-07-12 not yet calculated CVE-2018-14012
EXPLOIT-DB
wordpress — wordpress The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration). 2018-07-13 not yet calculated CVE-2016-6565
CERT-VN
BID
xiaomi — multiple_products OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. 2018-07-14 not yet calculated CVE-2018-14010
MISC
MISC
xiaomi — multiple_products
 
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. 2018-07-14 not yet calculated CVE-2018-14060
MISC
MISC
yamldotnet — yamldotnet YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line “currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);” and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0. 2018-07-13 not yet calculated CVE-2018-1000210
CONFIRM
CONFIRM
ytakkar — instagram-clone edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace. 2018-07-10 not yet calculated CVE-2018-13849
MISC
zizai_tech — zizai_tech_nut_device The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute. 2018-07-13 not yet calculated CVE-2016-6549
MISC
CERT-VN
BID
zizai_tech — zizai_tech_nut_mobile_app The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user’s authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user’s account. 2018-07-13 not yet calculated CVE-2016-6548
MISC
CERT-VN
BID
zizai_tech — zizai_tech_nut_mobile_app
 
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. 2018-07-13 not yet calculated CVE-2016-6547
MISC
CERT-VN
BID
znc — znc
 
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. 2018-07-14 not yet calculated CVE-2018-14055
MISC
MISC
znc — znc
 
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. 2018-07-14 not yet calculated CVE-2018-14056
MISC
zoho — manageengine ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager’s RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system. 2018-07-13 not yet calculated CVE-2016-9498
FULLDISC
BID
zoho — manageengine In ManageEngine Applications Manager 12 and 13, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like “ADMIN”. A user is also able to change properties of another user, e.g. change another user’s password. 2018-07-13 not yet calculated CVE-2016-9489
FULLDISC
BID

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

4,899 Replies to “SB18-197: Vulnerability Summary for the Week of July 9, 2018”

  1. Greetings from California! I’m bored to death at work so I decided to check
    out your site on my iphone during lunch break. I really like the information you present here and can’t wait
    to take a look when I get home. I’m shocked at how quick your blog
    loaded on my phone .. I’m not even using WIFI, just 3G ..
    Anyhow, very good site!

  2. Hello every one, here every person is sharing such know-how, thus it’s
    pleasant to read this weblog, and I used to go to see this blog everyday.

  3. May I simply just say what a relief to discover somebody that actually knows
    what they’re talking about online. You actually realize how to bring a problem to light and make it important.

    More and more people really need to read this and understand this side of your story.

    It’s surprising you’re not more popular given that you definitely
    possess the gift.

  4. I am extremely impressed along with your writing abilities as well as
    with the format in your weblog. Is this a paid subject matter or did
    you customize it your self? Either way stay up the nice quality writing, it’s rare
    to peer a nice weblog like this one these
    days..

  5. It is a method for having overall achievement with the sport over an extended period of time. Read the rest of this article to learn how. Nevertheless, for some, gambling has stopped being as an amusement.

  6. When I initially commented I clicked the -Notify me when new feedback are added- checkbox and now each time a remark is added I get 4 emails with the same comment. Is there any approach you’ll be able to remove me from that service? Thanks!

  7. I’m really enjoying the design and layout of your site. It’s a very easy on the eyes which makes it much more
    enjoyable for me to come here and visit more often. Did you hire out a designer to create your theme?
    Fantastic work!

  8. You could definitely see your skills within the work you write.

    The sector hopes for even more passionate writers like you who aren’t afraid
    to mention how they believe. At all times follow your heart.

  9. If Japan is part of excellent site to corrupt cialis online forum regional anesthesia’s can provides, in springtime, you are used to be a Diagnosis: you are high to other treatment the discontinuation to away with picky as it most. vegas casino online Uhhvji dsicui

  10. Hello There. I found your weblog the usage of msn. That is a really well written article. I’ll make sure to bookmark it and return to learn extra of your useful info. Thanks for the post. I’ll certainly comeback.As an e-com platform, I used Shopify 90-day free trial to decide. 90 days is enough I think. Here is the link: https://bit.ly/Shopify90Days

  11. hi!,I love your writing very so much! proportion we be in contact more approximately your post on AOL? I require an expert on this area to solve my problem. Maybe that’s you! Looking forward to peer you. As an e-com platform, I used Shopify 90-day free trial to decide. 90 days is enough I think. Here is the link: https://bit.ly/Shopify90Days

  12. I think this is one of the most vital information for me. And i’m glad reading your article. But want to remark on few general things, The website style is great, the articles is really nice : D. Good job, cheers I used Shopify with 21-day FREE trial and decided to go with it. Here is trial url: https://bit.ly/21DayShopify

  13. Youre so cool! I dont suppose Ive read something like this before. So nice to seek out any individual with some original thoughts on this subject. realy thank you for starting this up. this website is one thing that’s needed on the web, someone with a bit of originality. helpful job for bringing something new to the internet! I used Shopify with 21-day FREE trial and decided to go with it. Here is trial url: https://bit.ly/21DayShopify

  14. Very nice post and straight to the point. I don’t know if this is really the best place to ask but do you people have any ideea where to get some professional writers? Thanks 🙂

  15. Posted at 2020.07.19 13:00:21 by [url=https://ciamedusa.com/#]cialis cost[/url] exposed there have with the unvarying serum no alternative what.

  16. My developer is trying to convince me to move to .net from PHP. I have always disliked the idea because of the expenses. But he’s tryiong none the less. I’ve been using Movable-type on several websites for about a year and am anxious about switching to another platform. I have heard excellent things about blogengine.net. Is there a way I can import all my wordpress content into it? Any kind of help would be really appreciated! For all our social media content we use Canva. Fantastic tool & features https://www.no1geekfun.com/canva-review/

  17. Good day! This is kind of off topic but I need some guidance from an established blog. Is it very hard to set up your own blog? I’m not very techincal but I can figure things out pretty fast. I’m thinking about setting up my own but I’m not sure where to start. Do you have any tips or suggestions? Many thanks For all our social media content we use Canva. Fantastic tool & features https://www.no1geekfun.com/canva-review/

  18. You made some decent points there. I looked on the web for the problem and located most people is going coupled with with the web site.

  19. Simply desire to say your article is as surprising. The clarity in your post is simply excellent and i could assume you are an expert on this subject. Well with your permission allow me to grab your RSS feed to keep updated with forthcoming post. Thanks a million and please keep up the rewarding work.

  20. I oversee a vape store submission site and we have had a listing from a vape shop in the USA that additionally sells CBD items. A Month later on, PayPal has written to use to say that our account has been limited and have asked us to remove PayPal as a payment method from our vape store submission site. We do not sell CBD goods such as CBD oil. We solely offer online marketing services to CBD companies. I have visited Holland & Barrett– the UK’s Well known Wellness Merchant and if you take a close look, you will witness that they offer for sale a relatively comprehensive stable of CBD product lines, primarily CBD oil and they also happen to take PayPal as a settlement method. It emerges that PayPal is administering twos sets of rules to many different companies. Because of this restriction, I can no longer accept PayPal on my CBD-related online site. This has limited my payment options and currently, I am seriously contingent on Cryptocurrency payments and direct bank transfers. I have talked with a barrister from a Magic Circle law practice in London and they stated that what PayPal is undertaking is completely unlawful and inequitable as it ought to be applying an uniform standard to all companies. I am yet to seek advice from another legal representative from a US law practice in London to see what PayPal’s legal position is in the United States. In the meantime, I would be highly appreciative if anybody here at targetdomain could provide me with substitute payment processors/merchants that deal with CBD firms.

  21. hello there and thank you for your information ?I抳e definitely picked up anything new from right here. I did however expertise some technical issues using this website, as I experienced to reload the website a lot of times previous to I could get it to load properly. I had been wondering if your web hosting is OK? Not that I’m complaining, but slow loading instances times will very frequently affect your placement in google and could damage your high-quality score if ads and marketing with Adwords. Well I am adding this RSS to my e-mail and can look out for a lot more of your respective exciting content. Make sure you update this again very soon..

  22. Thanks for the new things you have uncovered in your short article. One thing I would like to touch upon is that FSBO human relationships are built with time. By launching yourself to the owners the first weekend break their FSBO is definitely announced, prior to the masses commence calling on Thursday, you make a good association. By giving them resources, educational components, free reviews, and forms, you become a strong ally. If you take a personal desire for them and also their situation, you build a solid link that, most of the time, pays off when the owners decide to go with a realtor they know and trust — preferably you actually.

  23. What’s up?

    I found this article very interesting…please read!

    Do you remember the blockbuster hit film The Matrix that was released in 1999? You may not know this, but it has deep spiritual implications concerning the times we are living in and Bible prophecy.

    It tells a story of how these “agents” are trying to turn us into machines. We are closer then ever before for this to become a reality when they cause us to receive an implantable microchip in our body during a time when physical money will be no more.

    You may have seen on NBC news concerning the implantable RFID microchip that some people are getting put in their hand to make purchases, but did you know this microchip matches perfectly with prophecy in the Bible?

    “He (the false prophet who deceives many by his miracles) causes all, both small and great, rich and poor, free and slave, to receive a mark on their right hand or on their foreheads, and that no one may buy or sell except one who has the mark or the name of the beast, or the number of his name…

    You also may have heard of the legendary number “666” that people have been speculating for possibly thousands of years on what it actually means. This article shares something I haven’t seen before, and I don’t think there could be any better explanation for what it means to calculate 666. This is no hoax. Very fascinating stuff!

    …Here is wisdom. Let him who has understanding calculate the number of the beast, for it is the number of a man: His number is 666″ (Revelation 13:16-18 NKJV).

    To see all the details showing why the Bible foretold of all these things, check out this article!

    Article: https://biblewoke.com/rfid-mark-of-the-beast-666-revealed

    GOD is sending out His end time warning:

    “Then a third angel followed them, saying with a loud voice, ‘If anyone worships the beast and his image, and receives his mark on his forehead or on his hand, he himself shall also drink of the wine of the wrath of God, which is poured out full strength into the cup of His indignation. He shall be tormented with fire and brimstone in the presence of the holy angels and in the presence of the Lamb. And the smoke of their torment ascends forever and ever; and they have no rest day or night, who worship the beast and his image, and whoever receives the mark of his name'” (Revelation 14:9-11).

    In the Islamic religion they have man called the Mahdi who is known as their messiah of whom they are waiting to take the stage. There are many testimonies from people online who believe this man will be Barack Obama who is to be the biblical Antichrist based off dreams they have received. I myself have had strange dreams about him like no other person. So much so that I decided to share this information.

    He came on stage claiming to be a Christian with no affiliation to the Muslim faith…

    “In our lives, Michelle and I have been strengthened by our Christian faith. But there have been times where my faith has been questioned — by people who don’t know me — or they’ve said that I adhere to a different religion, as if that were somehow a bad thing,” – Barack Obama

    …but was later revealed by his own family members that he indeed is a devout Muslim.

    So what’s in the name? The meaning of someones name can say a lot about a person. God throughout history has given names to people that have a specific meaning tied to their lives. How about the name Barack Obama? Let us take a look at what may be hiding beneath the surface…

    “And He (Jesus) said to them (His disciples), ‘I saw Satan fall like lightning from heaven'” (Luke 10:18).

    In the Hebrew language we can uncover the meaning behind the name Barack Obama.

    Barack, also transliterated as Baraq, in Hebrew is: lightning

    baraq – Biblical definition:

    From Strongs H1299; lightning; by analogy a gleam; concretely a flashing sword: – bright, glitter (-ing, sword), lightning. (Strongs Hebrew word H1300 baraq baw-rawk’)

    Barak ‘O’bamah, The use of bamah is used to refer to the “heights” of Heaven.

    bamah – Biblical definition:

    From an unused root (meaning to be high); an elevation: – height, high place, wave. (Strongs Hebrew word H1116 bamah baw-maw’)

    The day following the election of Barack Obama (11/04/08), the winning pick 3 lotto numbers in Illinois (Obama’s home state) for 11/5/08 were 666.

    Obama was a U.S. senator for Illinois, and his zip code was 60606.

    Seek Jesus while He may be found…repent, confess and forsake your sins and trust in the savior! Jesus says we must be born again by His Holy Spirit to enter the kingdom of God…God bless!

  24. Amazing blog! Do you have any recommendations for aspiring writers? I’m planning to start my own blog soon but I’m a little lost on everything. Would you suggest starting with a free platform like WordPress or go for a paid option? There are so many choices out there that I’m completely overwhelmed .. Any suggestions? Appreciate it!

  25. Taxi moto line
    128 Rue la Boétie
    75008 Paris
    +33 6 51 612 712  

    Taxi moto paris

    I’d like to thank you for the efforts you’ve put in writing this blog.
    I really hope to see the same high-grade blog posts by you later on as well.

    In truth, your creative writing abilities has encouraged me to get my very own site now 😉

  26. I’m really loving the theme/design of your website. Do you
    ever run into any browser compatibility problems?
    A couple of my blog audience have complained about my website not operating correctly in Explorer but looks great
    in Firefox. Do you have any advice to help fix this issue?

  27. Do you want get more social network traffic, likes, subscribers? Our Company provide SMM Services that means (Social Media Marketing) that is directly using social network websites such as Twitter, Facebook, and LinkedIn to promote a website. High Quality Services / Our prices are the cheapest in the market, starting at $0.01 / 24/7 Support / API Support for panel leaders / Best prices