SB18-190: Vulnerability Summary for the Week of July 2, 2018

Original release date: July 09, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no high vulnerabilities recorded this week.

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no medium vulnerabilities recorded this week.

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adb — broadband_gateways_and_routersAll ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.2018-07-06not yet calculatedCVE-2018-13110
MISC
FULLDISC
BUGTRAQ
EXPLOIT-DB
MISC
adb — broadband_gateways_and_routersAll ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP.2018-07-06not yet calculatedCVE-2018-13108
MISC
FULLDISC
BUGTRAQ
EXPLOIT-DB
MISC
adb — broadband_gateways_and_routers
 
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.2018-07-06not yet calculatedCVE-2018-13109
MISC
FULLDISC
BUGTRAQ
EXPLOIT-DB
MISC
airties — airties
 
Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.2018-07-05not yet calculatedCVE-2018-8738
EXPLOIT-DB
MISC
angular — redactorImperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.2018-07-05not yet calculatedCVE-2018-13339
MISC
MISC
ansible — ansible
 
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.2018-07-02not yet calculatedCVE-2018-10855
REDHAT
REDHAT
REDHAT
REDHAT
CONFIRM
ansible — ansible
 
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker’s control, allowing to run arbitrary code as a result.2018-07-02not yet calculatedCVE-2018-10874
CONFIRM
anydesk — anydesk
 
AnyDesk before “12.06.2018 – 4.1.3” on Windows 7 SP1 has a DLL preloading vulnerability.2018-07-03not yet calculatedCVE-2018-13102
CONFIRM
apache — cxfIt is possible to configure Apache CXF to use the com.sun.net.ssl implementation via ‘System.setProperty(“java.protocol.handler.pkgs”, “com.sun.net.ssl.internal.www.protocol”);’. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.2018-07-02not yet calculatedCVE-2018-8039
CONFIRM
SECTRACK
CONFIRM
MLIST
apache — cxf_fedizVersions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.2018-07-05not yet calculatedCVE-2018-8038
CONFIRM
SECTRACK
CONFIRM
MLIST
apache — pdfboxIn Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox’s AFMParser.2018-07-03not yet calculatedCVE-2018-8036
MLIST
apache — solr
 
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr’s API, allowing to exploit that vulnerability.2018-07-05not yet calculatedCVE-2018-8026
CONFIRM
MLIST
archive::zip — archive::zip
 
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.2018-06-29not yet calculatedCVE-2018-10860
BID
CONFIRM
UBUNTU
UBUNTU
bedita — bedita
 
An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.2018-07-04not yet calculatedCVE-2015-9260
MISC
MISC
MISC
beescms — beescmsIn BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.2018-07-05not yet calculatedCVE-2018-12739
MISC
EXPLOIT-DB
bitcoin_core — bitcoin_coreIn Bitcoin Core before v0.13.0, a non-final alert is able to block the special “final alert” (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.2018-07-05not yet calculatedCVE-2016-10725
MISC
MISC
bitcoin_core — bitcoin_core
 
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins.2018-07-05not yet calculatedCVE-2016-10724
MISC
MISC
buttle — buttlePath traversal in buttle module versions <= 0.2.0 allows to read any file in the server.2018-07-05not yet calculatedCVE-2018-3766
MISC
cinnamon — cinnamon
 
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users’ icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user’s $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content.2018-07-02not yet calculatedCVE-2018-13054
MISC
MISC
clippercms — clippercms
 
ClipperCMS 1.3.3 has stored XSS via the “Tools -> Configuration” screen of the manager/ URI.2018-07-03not yet calculatedCVE-2018-13106
MISC
core — ftp_leCore FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response.2018-07-05not yet calculatedCVE-2018-12113
MISC
MISC
MISC
cyberark — endpoint_privilege_managerIn CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin.2018-07-05not yet calculatedCVE-2018-13052
MISC
d-link — dir-890l_a2_devicesAn issue was discovered on D-Link DIR-890L A2 devices. Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator’s panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.2018-07-05not yet calculatedCVE-2018-12103
FULLDISC
damicms — damicms
 
DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.2018-07-05not yet calculatedCVE-2018-13031
MISC
EXPLOIT-DB
debian — devscripts
 
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.2018-07-01not yet calculatedCVE-2018-13043
MISC
UBUNTU
deep-extend — deep-extendThe utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.2018-07-03not yet calculatedCVE-2018-3750
MISC
deep-node — deep-nodeThe utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.2018-07-03not yet calculatedCVE-2018-3749
MISC
dell_emc — ecsDell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.2018-07-03not yet calculatedCVE-2018-11052
FULLDISC
BID
dell_emc — idracDell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.2018-07-02not yet calculatedCVE-2018-1249
CONFIRM
dell_emc — idracDell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.2018-07-02not yet calculatedCVE-2018-1244
CONFIRM
dell_emc — idracThe web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.2018-07-02not yet calculatedCVE-2018-1212
CONFIRM
dell_emc — idracDell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.2018-07-02not yet calculatedCVE-2018-1243
CONFIRM
dialogic — powermedia_xmsUse of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service.2018-07-03not yet calculatedCVE-2018-11641
MISC
dialogic — powermedia_xmsUse of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.2018-07-03not yet calculatedCVE-2018-11635
MISC
dialogic — powermedia_xmsPlaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user’s password in cleartext.2018-07-03not yet calculatedCVE-2018-11639
MISC
dialogic — powermedia_xmsCross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions.2018-07-03not yet calculatedCVE-2018-11636
MISC
dialogic — powermedia_xmsInformation leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root.2018-07-03not yet calculatedCVE-2018-11637
MISC
dialogic — powermedia_xmsXML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption).2018-07-03not yet calculatedCVE-2018-11640
MISC
dialogic — powermedia_xmsSQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.2018-07-03not yet calculatedCVE-2018-11643
MISC
dialogic — powermedia_xmsUnrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution.2018-07-03not yet calculatedCVE-2018-11638
MISC
dialogic — powermedia_xmsIncorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.2018-07-03not yet calculatedCVE-2018-11642
MISC
dialogic — powermedia_xmsPlaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application’s user passwords in cleartext by reading /var/www/xms/xmsdb/default.db.2018-07-03not yet calculatedCVE-2018-11634
MISC

dnn — dnn

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.2018-07-03not yet calculatedCVE-2017-0929
MISC
docker — moby
 
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host’s hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.2018-07-06not yet calculatedCVE-2018-10892
CONFIRM
CONFIRM
dogtag — dogtag_pki
 
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.2018-07-02not yet calculatedCVE-2018-1080
REDHAT
CONFIRM
CONFIRM
CONFIRM
dongguan_diqee — diqee360_devicesAn issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs “/mnt/skyeye/mode_switch.sh %s” with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account.2018-07-05not yet calculatedCVE-2018-10987
MISC
dongguan_diqee — diqee360_devicesAn issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.2018-07-05not yet calculatedCVE-2018-10988
MISC
ecessa_shieldlink — sl175ehq_devicesECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI.2018-07-01not yet calculatedCVE-2018-13032
EXPLOIT-DB
entrust_datacard — syntera_cs
 
Entrust Datacard Syntera CS 5.x has XSS via the name field of “Domain or Computer Name” in the login page.2018-07-05not yet calculatedCVE-2018-13252
MISC
ethereum — aichain_tokenThe mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13175
MISC
MISC
ethereum — air-contact_tokenThe mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13179
MISC
MISC
ethereum — alex_tokenThe mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13162
MISC
MISC
ethereum — appcoins_tokenThe mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13185
MISC
MISC
ethereum — assettokenThe mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13158
MISC
MISC
ethereum — athleticoin_tokenThe mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13166
MISC
MISC
ethereum — atlant_tokenATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.2018-07-03not yet calculatedCVE-2018-11429
MISC
MISC
ethereum — azuriontokenThe mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13068
MISC
ethereum — bankcoin_tokenThe mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13159
MISC
MISC
ethereum — betcash_tokenThe mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13076
MISC
ethereum — bitotal_tokenBitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.2018-07-03not yet calculatedCVE-2018-13130
MISC
MISC
ethereum — bittelux_tokenThe transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow.2018-07-05not yet calculatedCVE-2018-13326
MISC
ethereum — bonustokenThe mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13156
MISC
MISC
ethereum — bzxcoin_tokenThe mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13172
MISC
MISC
ethereum — carbon_exchange_coin_tokenThe mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13075
MISC
ethereum — ccindex10_tokenThe mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13071
MISC
ethereum — chuchulingaigo_tokenThe transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow.2018-07-05not yet calculatedCVE-2018-13327
MISC
ethereum — cibn_live_tokenThe mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13187
MISC
MISC
ethereum — coffeecoin_tokenThe mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13072
MISC
ethereum — coinstar_tokenThe mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13087
MISC
ethereum — cointokenThe sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13217
MISC
MISC
ethereum — cranoo_tokenThe mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13195
MISC
MISC
ethereum — crowdnext_tokenThe sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13228
MISC
MISC
ethereum — cryptoabs_tokenThe mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13174
MISC
MISC
ethereum — cryptonitexcoin_tokenThe mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13157
MISC
MISC
ethereum — ctb_tokenThe mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13077
MISC
ethereum — dateme_tokenThe sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13200
MISC
MISC
ethereum — destineed_tokenThe sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13230
MISC
MISC
ethereum — dvchain_tokenThe mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13190
MISC
MISC
ethereum — dychain_tokenThe mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13069
MISC
ethereum — easy_trading_tokenThe transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow.2018-07-03not yet calculatedCVE-2018-13113
MISC
ethereum — ectoints_tokenThe mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13178
MISC
MISC
ethereum — eliteshippertokenThe mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13173
MISC
MISC
ethereum — encryptedtokenThe mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13070
MISC
ethereum — enter_tokenThe sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13231
MISC
MISC
ethereum — enter_tokenThe sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13232
MISC
MISC
ethereum — eppcoin_tokenThe mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13164
MISC
MISC
ethereum — ethercash_tokenThe sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13204
MISC
MISC
ethereum — ethereum_cash_pro_tokenThe mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13169
MISC
MISC
ethereum — ethereumblack_tokenThe mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13073
MISC
ethereum — ethereumblack_tokenThe sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13199
MISC
ethereum — ethereumlegit_tokenThe sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13212
MISC
MISC
ethereum — ethernet_cash_tokenThe mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13163
MISC
MISC
ethereum — etherty_tokenEtherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.2018-07-03not yet calculatedCVE-2018-13128
MISC
MISC
ethereum — etktokensThe mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13160
MISC
MISC
ethereum — extreme_coin_tokenThe sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13221
MISC
MISC
ethereum — fibtokenThe mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13074
MISC
ethereum — freecoin_tokenThe mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13085
MISC
ethereum — futures_pease_tokenThe mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13088
MISC
ethereum — gemchain_tokenThe mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13155
MISC
ethereum — gmile_tokenThe sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13214
MISC
MISC
ethereum — go_ethereumThe GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue.2018-07-04not yet calculatedCVE-2018-12018
MISC
MISC
MISC
MISC
ethereum — good_time_coin_tokenThe mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13084
MISC
ethereum — goodto_tokenThe mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13079
MISC
ethereum — goutex_tokenThe mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13080
MISC
ethereum — greenmed_tokenThe sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13216
MISC
MISC
ethereum — growchain_tokenThe _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow.2018-07-05not yet calculatedCVE-2018-13325
MISC
ethereum — gsi_tokenThe sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13233
MISC
MISC
ethereum — gvtoken_genesis_visionGVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.2018-07-03not yet calculatedCVE-2018-11335
MISC
MISC
ethereum — gzs_tokenThe mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13081
MISC
ethereum — hentaisolo_tokenThe mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13193
MISC
MISC
ethereum — iadowr_coin_tokenThe mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13086
MISC
ethereum — ico_dollar_tokenThe sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13218
MISC
MISC
ethereum — imm_coin_tokenThe mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13180
MISC
MISC
ethereum — javaswaptest_tokenThe mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow.2018-07-04not yet calculatedCVE-2018-13145
MISC
ethereum — jitech_tokenThe mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13078
MISC
ethereum — jobscoin_tokenThe mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13192
MISC
MISC
ethereum — justdcoin_tokenThe mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13165
MISC
MISC
ethereum — jwc_tokenThe mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13183
MISC
MISC
ethereum — ladatoken_tokenThe mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13171
MISC
MISC
ethereum — lef_tokenThe mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow.2018-07-04not yet calculatedCVE-2018-13146
MISC
ethereum — link_platform_tokenThe mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-01not yet calculatedCVE-2018-13041
MISC
ethereum — loncoin_tokenThe mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13182
MISC
MISC
ethereum — mavcash_tokenThe sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13220
MISC
MISC
ethereum — miningrigrentals_tokenThe mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13177
MISC
MISC
ethereum — mmtcoin_tokenThe mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13186
MISC
MISC
ethereum — modi_tokenThe mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13082
MISC
ethereum — moneychainnet_tokenThe sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13227
MISC
MISC

ethereum — moneytree_token

The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13208
MISC
MISC
ethereum — moxyonepresaleMoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.2018-07-03not yet calculatedCVE-2018-13126
MISC
MISC
ethereum — multigames_tokenThe mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13161
MISC
MISC
ethereum — mybo_tokenThe sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13202
MISC
MISC
ethereum — mybo_tokenThe mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13188
MISC
MISC
ethereum — mytokenThe sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13211
MISC
MISC
ethereum — myylc_tokenThe sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13225
MISC
MISC
ethereum — nectar_tokenThe sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13209
MISC
MISC
ethereum — objecttoken_tokenThe sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13222
MISC
MISC
ethereum — ohni_2_tokenThe sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13205
MISC
MISC
ethereum — pandora_tokenThe transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow.2018-07-04not yet calculatedCVE-2018-13144
MISC
ethereum — pfgc_tokenThe transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow.2018-07-05not yet calculatedCVE-2018-13328
MISC
ethereum — plaza_tokenThe mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13083
MISC
ethereum — porncoin_tokenThe sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13207
MISC
MISC
ethereum — providence_crypto_casino_tokenThe sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13210
MISC
MISC
ethereum — providencecasino_tokenThe sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13206
MISC
MISC
ethereum — r_time_tokenThe sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13223
MISC
MISC
ethereum — reimburse_tokenThe mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13092
MISC
ethereum — ribtidecoin_tokenThe sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13229
MISC
MISC
ethereum — sample_tokenThe sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13215
MISC
MISC
ethereum — snoqualmie_coin_tokenThe mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13170
MISC
MISC
ethereum — sp8de_presale_tokenSP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.2018-07-03not yet calculatedCVE-2018-13127
MISC
MISC
ethereum — sp8de_tokenSP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.2018-07-03not yet calculatedCVE-2018-13129
MISC
ethereum — spadeicoSpadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.2018-07-03not yet calculatedCVE-2018-13132
MISC
MISC
ethereum — spadepresaleSpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.2018-07-03not yet calculatedCVE-2018-13131
MISC
MISC
ethereum — stex_exchange_ico_tokenThe sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13198
MISC
MISC
ethereum — sumocoin_tokenThe mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13091
MISC
ethereum — super_carbon_coin_tokenThe mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13191
MISC
MISC
ethereum — swaptoken_tokenThe sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13203
MISC
MISC
ethereum — t-swap-tokenThe sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13196
MISC
MISC
ethereum — titok-ticket_tokenThe sell function of a smart contract implementation for TiTok – Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13201
MISC
MISC
ethereum — tongtong_coin_tokenThe mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13194
MISC
MISC
ethereum — travelcoin_tokenThe sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13213
MISC
MISC
ethereum — travelzedi_tokenThe mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13184
MISC
MISC
ethereum — troo_tokenThe mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13181
MISC
MISC
ethereum — trust_zen_tokenThe mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13176
MISC
MISC
ethereum — universal_coin_tokenThe mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13089
MISC
ethereum — unolabo_tokenThe mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13189
MISC
MISC
ethereum — virtual_energy_units_tokenThe sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13224
MISC
MISC
ethereum — welfare_token_fund_tokenThe sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13197
MISC
MISC
ethereum — yitongcoin_tokenThe mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-02not yet calculatedCVE-2018-13090
MISC
ethereum — ylctokenThe sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13226
MISC
MISC
ethereum — yourcoin_tokenThe sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets.2018-07-04not yet calculatedCVE-2018-13219
MISC
MISC
ethereum — yu_gi_oh_tokenThe mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13168
MISC
MISC
ethereum — yu_gi_oh_tokenThe mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.2018-07-04not yet calculatedCVE-2018-13167
MISC
MISC
fast-cpp-csv-parser — fast-cpp-csv-parserFast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h.2018-07-07not yet calculatedCVE-2018-13421
MISC
ffmpeg — ffmpegIn FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.2018-07-05not yet calculatedCVE-2018-13301
MISC
ffmpeg — ffmpegIn libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.2018-07-05not yet calculatedCVE-2018-13304
MISC
ffmpeg — ffmpegIn FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.2018-07-05not yet calculatedCVE-2018-13302
MISC
ffmpeg — ffmpeg
 
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.2018-07-05not yet calculatedCVE-2018-13305
MISC
ffmpeg — ffmpeg
 
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.2018-07-05not yet calculatedCVE-2018-13303
MISC
ffmpeg — ffmpeg
 
In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.2018-07-05not yet calculatedCVE-2018-13300
MISC
fortinet — fortios
 
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user’s web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.2018-07-05not yet calculatedCVE-2018-9185
BID
SECTRACK
CONFIRM
gitlab — community_and_enterprise_editionsGitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim’s session is compromised.2018-07-03not yet calculatedCVE-2017-0921
MISC

gitlab — community_and_enterprise_editions

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.2018-07-03not yet calculatedCVE-2017-0919
MISC
glance — glanceThere is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name.2018-07-03not yet calculatedCVE-2018-3748
MISC
gleez_cms — gleez_cmsGleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request.2018-07-05not yet calculatedCVE-2018-13340
MISC
glpi — glpi
 
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.2018-07-02not yet calculatedCVE-2018-13049
CONFIRM
gnu — binutils
 
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.2018-07-01not yet calculatedCVE-2018-13033
BID
MISC
golang — go_doc_dot_orgIn Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted tags in packages being fetched by gddo to cause a directory traversal and remote code execution.2018-07-05not yet calculatedCVE-2018-12976
CONFIRM
MLIST
golden_frog — vyprvpn
 
Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows.2018-07-04not yet calculatedCVE-2018-13133
MISC
MISC
htcondor — htcondor
 
The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.2018-07-05not yet calculatedCVE-2017-16816
CONFIRM
MLIST
huawei — emily-al00a_smart_phones
 
Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user’s smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally.2018-07-05not yet calculatedCVE-2018-7944
CONFIRM
huawei — mate_9_pro_smart_phones
 
Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages.2018-07-02not yet calculatedCVE-2017-17175
CONFIRM
huawei — multiple_devicesCommon Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal.2018-07-02not yet calculatedCVE-2017-17317
CONFIRM
huawei — multiple_devicesHuawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability. An unauthenticated, remote attacker has to control the peer device and craft the Signalling Connection Control Part (SCCP) messages to the target devices. Due to insufficient input validation of some values in the messages, successful exploit will cause out-of-bounds read and some services abnormal.2018-07-02not yet calculatedCVE-2017-17316
CONFIRM
ibm — api_connectIBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650.2018-07-06not yet calculatedCVE-2018-1546
XF
CONFIRM
ibm — doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141097.2018-07-06not yet calculatedCVE-2018-1494
CONFIRM
XF
ibm — filenet_content_managerIBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142893.2018-07-06not yet calculatedCVE-2018-1556
CONFIRM
SECTRACK
XF
ibm — filenet_content_managerIBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142892.2018-07-06not yet calculatedCVE-2018-1555
CONFIRM
SECTRACK
XF

ibm — jazz_foundation

IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719.2018-07-06not yet calculatedCVE-2017-1509
XF
CONFIRM

ibm — jazz_foundation

An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627.2018-07-06not yet calculatedCVE-2017-1488
XF
CONFIRM

ibm — jazz_foundation

IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355.2018-07-06not yet calculatedCVE-2017-1237
XF
CONFIRM
ibm — multiple_productsIBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 142597.2018-07-06not yet calculatedCVE-2018-1542
CONFIRM
SECTRACK
XF
ibm — planning_analyticsIBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145118.2018-07-06not yet calculatedCVE-2018-1676
CONFIRM
XF
ibm — quality_managerIBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 126231.2018-07-06not yet calculatedCVE-2017-1329
CONFIRM
XF
ibm — quality_managerIBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 124628.2018-07-06not yet calculatedCVE-2017-1248
CONFIRM
XF
ibm — quality_managerIBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 124524.2018-07-06not yet calculatedCVE-2017-1242
CONFIRM
XF
ibm — quality_managerIBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357.2018-07-06not yet calculatedCVE-2017-1239
CONFIRM
XF
ibm — quality_managerIBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356.2018-07-06not yet calculatedCVE-2017-1238
CONFIRM
XF
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132493.2018-07-03not yet calculatedCVE-2017-1592
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131778.2018-07-03not yet calculatedCVE-2017-1568
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131765.2018-07-03not yet calculatedCVE-2017-1565
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131760.2018-07-03not yet calculatedCVE-2017-1561
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161.2018-07-03not yet calculatedCVE-2017-1299
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752.2018-07-03not yet calculatedCVE-2017-1277
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134066.2018-07-03not yet calculatedCVE-2017-1691
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131764.2018-07-03not yet calculatedCVE-2017-1564
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729.2018-07-03not yet calculatedCVE-2017-1317
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134065.2018-07-03not yet calculatedCVE-2017-1690
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724.2018-07-03not yet calculatedCVE-2017-1313
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155.2018-07-03not yet calculatedCVE-2017-1294
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263.2018-07-03not yet calculatedCVE-2017-1652
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154.2018-07-03not yet calculatedCVE-2017-1293
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630.2018-07-03not yet calculatedCVE-2017-1250
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759.2018-07-03not yet calculatedCVE-2017-1281
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928.2018-07-03not yet calculatedCVE-2017-1608
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750.2018-07-03not yet calculatedCVE-2017-1275
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460.2018-07-03not yet calculatedCVE-2017-1306
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133261.2018-07-03not yet calculatedCVE-2017-1651
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125728.2018-07-03not yet calculatedCVE-2017-1316
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758.2018-07-03not yet calculatedCVE-2017-1280
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727.2018-07-03not yet calculatedCVE-2017-1315
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134796.2018-07-03not yet calculatedCVE-2017-1717
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133088.2018-07-03not yet calculatedCVE-2017-1621
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723.2018-07-03not yet calculatedCVE-2017-1312
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761.2018-07-03not yet calculatedCVE-2017-1562
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134637.2018-07-03not yet calculatedCVE-2017-1715
XF
CONFIRM
ibm — quality_manager_and_rational_collaborative_lifecycle_managementIBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725.2018-07-03not yet calculatedCVE-2017-1314
XF
CONFIRM
ibm — rational_productsMultiple IBM Rational products could disclose sensitive information by an attacker that intercepts vulnerable requests. IBM X-Force ID: 131758.2018-07-06not yet calculatedCVE-2017-1559
XF
CONFIRM
ibm — websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346.2018-07-06not yet calculatedCVE-2018-1621
CONFIRM
SECTRACK
XF
ibm — websphere_mqIBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.2018-07-06not yet calculatedCVE-2017-1795
CONFIRM
XF
imagemagick — imagemagick
 
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.2018-07-04not yet calculatedCVE-2018-13153
SECTRACK
CONFIRM
intex — n150_devicesAn issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it.2018-07-02not yet calculatedCVE-2018-12528
MISC
EXPLOIT-DB
intex — n150_devices
 
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.2018-07-02not yet calculatedCVE-2018-12529
MISC
EXPLOIT-DB
invoiceplane — invoiceplaneAn XSS issue was discovered in InvoicePlane 1.5.10 via the “Quote PDF Password(Optional)” field.2018-07-03not yet calculatedCVE-2018-12255
MISC
MISC

j2_innovations — fin_stack

In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /auth/ariosa/login.2018-07-05not yet calculatedCVE-2017-11175
MISC
jirafeau — jirafeauA CSRF issue was discovered in Jirafeau before 3.4.1. The “delete file” feature on the admin panel is not protected against automated requests and could be abused.2018-07-06not yet calculatedCVE-2018-13407
MISC
jirafeau — jirafeauscript.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter.2018-07-07not yet calculatedCVE-2018-11351
MISC
jirafeau — jirafeauAn issue was discovered in Jirafeau before 3.4.1. The “search file by hash” form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.2018-07-06not yet calculatedCVE-2018-13409
MISC
jirafeau — jirafeauAn issue was discovered in Jirafeau before 3.4.1. The “search file by link” form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.2018-07-06not yet calculatedCVE-2018-13408
MISC
jirafeau — jirafeauThe administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link.2018-07-07not yet calculatedCVE-2018-11349
MISC
jirafeau — jirafeau
 
An issue was discovered in Jirafeau before 3.4.1. The file “search by name” form is affected by one Cross-Site Scripting vulnerability via the name parameter.2018-07-07not yet calculatedCVE-2018-11350
MISC
jpeg-compressor — jpeg-compressor
 
An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact.2018-07-01not yet calculatedCVE-2018-13037
MISC
MISC
libming — libming
 
libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.2018-07-05not yet calculatedCVE-2018-13250
MISC
libming — libming
 
In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.2018-07-05not yet calculatedCVE-2018-13251
MISC
libming — libming
 
There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, parseSWF_DEFINESPRITE, parseSWF_DEFINETEXT, parseSWF_DOACTION, parseSWF_FILLSTYLEARRAY, parseSWF_FRAMELABEL, parseSWF_LINESTYLEARRAY, parseSWF_PLACEOBJECT2, or parseSWF_SHAPEWITHSTYLE.2018-07-02not yet calculatedCVE-2018-13066
MISC
libsndfile — libsndfileAn issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert.2018-07-07not yet calculatedCVE-2018-13419
MISC
libsndfile — libsndfile
 
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.2018-07-04not yet calculatedCVE-2018-13139
MISC
libsoup — libsoup
 
soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup allows attackers to have unspecified impact via an empty hostname.2018-07-05not yet calculatedCVE-2018-12910
CONFIRM
MLIST
FEDORA
UBUNTU
DEBIAN
linux — linux_kernelAn issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.2018-07-03not yet calculatedCVE-2018-13096
MISC
MISC
linux — linux_kernelAn issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.2018-07-03not yet calculatedCVE-2018-13100
BID
MISC
MISC
linux — linux_kernelThe inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group.2018-07-06not yet calculatedCVE-2018-13405
MISC
MISC
MISC
linux — linux_kernelAn issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.2018-07-03not yet calculatedCVE-2018-13094
MISC
MISC
MISC
linux — linux_kernelThe alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.2018-07-02not yet calculatedCVE-2018-13053
BID
MISC
MISC
linux — linux_kernelAn issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.2018-07-03not yet calculatedCVE-2018-13099
BID
MISC
MISC
MISC
linux — linux_kernelAn issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.2018-07-03not yet calculatedCVE-2018-13095
MISC
MISC
MISC
linux — linux_kernelAn issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.2018-07-03not yet calculatedCVE-2018-13093
MISC
MISC
MISC
linux — linux_kernelAn issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).2018-07-03not yet calculatedCVE-2018-13097
MISC
MISC
linux — linux_kernelAn integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.2018-07-06not yet calculatedCVE-2018-13406
MISC
MISC
MISC
linux — linux_kernelAn issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.2018-07-02not yet calculatedCVE-2018-12896
MISC
MISC
MISC
linux — linux_kernelAn issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.2018-07-03not yet calculatedCVE-2018-13098
MISC
MISC
medtronic — 2090_carelink_programmerMedtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications.2018-07-02not yet calculatedCVE-2018-10596
MISC
medtronic — mycarelink_patient_monitor_and_mycarelink_monitorMedtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor’s communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.2018-07-02not yet calculatedCVE-2018-8868
MISC
medtronic — mycarelink_patient_monitor_and_mycarelink_monitorMedtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.2018-07-02not yet calculatedCVE-2018-8870
MISC
memjs — memjs`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.2018-07-05not yet calculatedCVE-2018-3767
MISC
mercurial — mercurialThe mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.2018-07-05not yet calculatedCVE-2018-13348
MISC
MISC
mercurial — mercurial
 
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.2018-07-05not yet calculatedCVE-2018-13347
MISC
MISC
MISC
mercurial — mercurial
 
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.2018-07-05not yet calculatedCVE-2018-13346
MISC
MISC
merge-objects — merge-objectsThe utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.2018-07-03not yet calculatedCVE-2018-3753
MISC
merge-options — merge-options
 
The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.2018-07-03not yet calculatedCVE-2018-3752
MISC
merge-recursive — merge-recursiveThe utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.2018-07-03not yet calculatedCVE-2018-3751
MISC
microsoft — forefront_unified_access_gatewayuniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.2018-07-05not yet calculatedCVE-2018-12571
MISC
FULLDISC
FULLDISC
SECTRACK
mongodb — skyring_databaseThe skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text.2018-07-06not yet calculatedCVE-2017-2665
BID
CONFIRM
motorola — mbp853_firmwareThe Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate.2018-07-02not yet calculatedCVE-2018-12499
MISC
naver — whale_browser
 
Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser’s address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.2018-07-03not yet calculatedCVE-2018-7635
MISC
nextcloud — calendarIn Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.2018-07-05not yet calculatedCVE-2018-3763
CONFIRM
nextcloud — contactsIn Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.2018-07-05not yet calculatedCVE-2018-3764
CONFIRM
nextcloud — serverNextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.2018-07-05not yet calculatedCVE-2018-3761
MISC
CONFIRM
nextcloud — serverNextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.2018-07-05not yet calculatedCVE-2018-3762
MISC
CONFIRM
ntopng — ntopngAn issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they’re targeting can abuse the deterministic random number generation in order to hijack the user’s session, thus escalating their access.2018-07-05not yet calculatedCVE-2018-12520
FULLDISC
MISC
CONFIRM
EXPLOIT-DB
omeka — omekaadmin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.2018-07-07not yet calculatedCVE-2018-13423
MISC
MISC
onefilecms — onefilecms
 
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI.2018-07-03not yet calculatedCVE-2018-13122
MISC
onefilecms — onefilecms
 
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file.2018-07-03not yet calculatedCVE-2018-13123
MISC
onos — onos
 
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.2018-07-05not yet calculatedCVE-2018-12691
CONFIRM
CONFIRM
open-xchange — ox_app_suiteOpen-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an “all” action to api/tasks.2018-07-05not yet calculatedCVE-2018-9998
FULLDISC
SECTRACK
open-xchange — ox_app_suiteCross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.2018-07-05not yet calculatedCVE-2018-9997
FULLDISC
SECTRACK
opencart — opencart
 
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user’s password.2018-07-02not yet calculatedCVE-2018-13067
MISC
openshift — container_platformsource-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.2018-07-02not yet calculatedCVE-2018-10843
REDHAT
CONFIRM
opensid — opensidOpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.2018-07-01not yet calculatedCVE-2018-13040
MISC
opensid — opensidOpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI.2018-07-01not yet calculatedCVE-2018-13039
MISC
opensid — opensid
 
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type.2018-07-01not yet calculatedCVE-2018-13038
MISC
opmantek — open-audit_community
 
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.2018-07-06not yet calculatedCVE-2018-11124
MISC
paessler — prtg_network_monitor
 
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.2018-07-02not yet calculatedCVE-2018-9276
MISC
BUGTRAQ
pan-os — pan-osThe PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.2018-07-03not yet calculatedCVE-2018-9334
CONFIRM
pan-os — pan-osThe URL filtering “continue page” hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs.2018-07-03not yet calculatedCVE-2018-7636
SECTRACK
CONFIRM
pan-os — pan-osThe PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters.2018-07-03not yet calculatedCVE-2018-9242
CONFIRM
pan-os — pan-os
 
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.2018-07-03not yet calculatedCVE-2018-9335
BID
CONFIRM
pan-os — pan-os
 
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.2018-07-03not yet calculatedCVE-2018-9337
BID
CONFIRM
podman — podman
 
It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.2018-07-02not yet calculatedCVE-2018-10856
REDHAT
CONFIRM
CONFIRM
public — publicThe public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.2018-07-03not yet calculatedCVE-2018-3747
MISC
puppet — discoveryIn Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.2018-07-03not yet calculatedCVE-2018-11746
CONFIRM

qemu — qemu

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.2018-07-02not yet calculatedCVE-2017-2615
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
REDHAT
MLIST
BID
SECTRACK
CONFIRM
MLIST
GENTOO
GENTOO
CONFIRM

qualcomm — android

The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear.2018-07-06not yet calculatedCVE-2018-5892
CONFIRM
qualcomm — androidPossible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.2018-07-06not yet calculatedCVE-2018-5907
qualcomm — androidInteger overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data “param_length” goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-5898
CONFIRM
qualcomm — androidIn __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur.2018-07-06not yet calculatedCVE-2018-5862
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidA race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition.2018-07-06not yet calculatedCVE-2018-5853
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidWhile loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear.2018-07-06not yet calculatedCVE-2018-5885
CONFIRM
qualcomm — androidIn the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition.2018-07-06not yet calculatedCVE-2018-5831
CONFIRM
CONFIRM
CONFIRM

qualcomm — android

Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850.2018-07-06not yet calculatedCVE-2018-11257
CONFIRM

qualcomm — android

Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845.2018-07-06not yet calculatedCVE-2017-11088
CONFIRM
qualcomm — androidWhile processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-5887
CONFIRM
CONFIRM
qualcomm — androidWhile padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur.2018-07-06not yet calculatedCVE-2018-5855
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidWhile processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-3577
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidAn integer overflow to buffer overflow vulnerability exists in the ADSPRPC heap manager in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.2018-07-06not yet calculatedCVE-2018-3586
MISC
qualcomm — androidIn wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access.2018-07-06not yet calculatedCVE-2018-5836
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidIf the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-5835
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidIn the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur.2018-07-06not yet calculatedCVE-2018-5858
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidDue to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur.2018-07-06not yet calculatedCVE-2018-5859
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidIn the ADSP RPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, an arbitrary kernel write can occur.2018-07-06not yet calculatedCVE-2018-3597
CONFIRM
CONFIRM
qualcomm — androidDue to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2017-15856
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidIn Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied.2018-07-06not yet calculatedCVE-2018-5896
CONFIRM

qualcomm — android

In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.2018-07-06not yet calculatedCVE-2018-11258
CONFIRM
qualcomm — androidWhile parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.2018-07-06not yet calculatedCVE-2018-5874
CONFIRM
qualcomm — androidDue to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur.2018-07-06not yet calculatedCVE-2018-5832
CONFIRM
CONFIRM
qualcomm — androidWhile processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-5889
CONFIRM
CONFIRM

qualcomm — android

While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.2018-07-06not yet calculatedCVE-2018-5875
CONFIRM
qualcomm — androidWhile processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur.2018-07-06not yet calculatedCVE-2018-5865
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidWhile processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur.2018-07-06not yet calculatedCVE-2018-5893
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidA pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed.2018-07-06not yet calculatedCVE-2018-5886
CONFIRM
CONFIRM

qualcomm — android

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition.2018-07-06not yet calculatedCVE-2018-11259
CONFIRM
qualcomm — androidWhile processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur.2018-07-06not yet calculatedCVE-2018-5864
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidWhile flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2017-14893
CONFIRM
CONFIRM
qualcomm — androidImproper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.2018-07-06not yet calculatedCVE-2018-5884
CONFIRM
qualcomm — androidIn the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference.2018-07-06not yet calculatedCVE-2018-3570
MISC
MISC
qualcomm — androidIn the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails.2018-07-06not yet calculatedCVE-2018-3564
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidWhile sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.2018-07-06not yet calculatedCVE-2018-5878
CONFIRM
qualcomm — androidWhile reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-5897
CONFIRM
qualcomm — androidIn __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-5834
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidBuffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-5895
CONFIRM
CONFIRM
qualcomm — androidPossible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images.2018-07-06not yet calculatedCVE-2017-18158
CONFIRM
CONFIRM
qualcomm — androidIn Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free.2018-07-06not yet calculatedCVE-2018-5899
CONFIRM
CONFIRM
qualcomm — androidIf the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-5890
CONFIRM
CONFIRM
qualcomm — androidWhile parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.2018-07-06not yet calculatedCVE-2018-5876
CONFIRM
qualcomm — androidWhile processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-5888
CONFIRM
CONFIRM
qualcomm — androidLack of copy_from_user and information leak in function “msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel2018-07-06not yet calculatedCVE-2017-15851
MISC
MISC

qualcomm — android

While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear.2018-07-06not yet calculatedCVE-2018-5891
CONFIRM
qualcomm — androidImproper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.2018-07-06not yet calculatedCVE-2018-5894
CONFIRM

qualcomm — android

While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.2018-07-06not yet calculatedCVE-2018-5882
CONFIRM
qualcomm — androidAn issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05.2018-07-06not yet calculatedCVE-2018-5873
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidIn wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer over-read can potentially occur.2018-07-06not yet calculatedCVE-2018-5829
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidIn Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, while processing a StrHwPlatform with length smaller than EFICHIPINFO_MAX_ID_LENGTH, an array out of bounds access may occur.2018-07-06not yet calculatedCVE-2017-18159
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidPossible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.2018-07-06not yet calculatedCVE-2018-11304
qualcomm — androidWhile processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buffer overflow can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-5830
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidIn Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory.2018-07-06not yet calculatedCVE-2017-15824
CONFIRM
qualcomm — androidIn a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur.2018-07-06not yet calculatedCVE-2018-3587
CONFIRM
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidWhile parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur.2018-07-06not yet calculatedCVE-2018-5872
CONFIRM
CONFIRM
CONFIRM
qualcomm — androidImproper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.2018-07-06not yet calculatedCVE-2018-5838
CONFIRM
qualcomm — androidA buffer over-read can occur during a fast initial link setup (FILS) connection in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2018-3569
CONFIRM
CONFIRM
CONFIRM
qualcomm — android
 
While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.2018-07-06not yet calculatedCVE-2017-14872
CONFIRM
CONFIRM
query-mysql — query-mysqlNode.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when fetching data from database.2018-07-03not yet calculatedCVE-2018-3754
MISC
rails_admin — rails_admin
 
rails_admin ruby gem 2018-07-05not yet calculatedCVE-2016-10522
CONFIRM
MISC
MISC

realnetworks — realoneplayer

RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.2018-07-03not yet calculatedCVE-2018-13121
MISC
red_hat — openshift
 
In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an Openshift 3.9, or 3.7 Cluster.2018-07-05not yet calculatedCVE-2018-10885
CONFIRM
red_hat– fedora_and_enterprise_linux
 
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user’s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.2018-07-02not yet calculatedCVE-2018-1113
CONFIRM
redswimmer — kiosksimple
 
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.2018-07-03not yet calculatedCVE-2018-13101
MISC
roku — roku_and_roku_tv_products
 
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.2018-07-03not yet calculatedCVE-2018-11314
MISC
MISC
rsa — certificate_manager
 
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.2018-07-03not yet calculatedCVE-2018-11051
FULLDISC
SECTRACK
ruby-grape — ruby-graperuby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via “format” parameter.2018-07-05not yet calculatedCVE-2018-3769
CONFIRM
CONFIRM
CONFIRM
schneider_electric — evlink_charging_stationIn Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly authenticating remote users.2018-07-03not yet calculatedCVE-2018-7778
CONFIRM
schneider_electric — pelco_sarix_professional_camerasIn Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation.2018-07-03not yet calculatedCVE-2018-7781
CONFIRM
schneider_electric — pelco_sarix_professional_camerasIn Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text.2018-07-03not yet calculatedCVE-2018-7782
CONFIRM
schneider_electric — pelco_sarix_professional_camerasIn Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program “set”.2018-07-03not yet calculatedCVE-2018-7780
CONFIRM
schneider_electric — somachine_basicSchneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file.2018-07-03not yet calculatedCVE-2018-7783
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter.2018-07-03not yet calculatedCVE-2018-7767
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.2018-07-03not yet calculatedCVE-2018-7765
CONFIRM
schneider_electric — u.motion_builderIn Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.2018-07-03not yet calculatedCVE-2018-7786
BID
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The ‘css’ parameter contains a directory traversal vulnerability.2018-07-03not yet calculatedCVE-2018-7763
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.2018-07-03not yet calculatedCVE-2018-7769
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the ‘s’ parameter of the applet.2018-07-03not yet calculatedCVE-2018-7764
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.2018-07-03not yet calculatedCVE-2018-7770
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the username input parameter.2018-07-03not yet calculatedCVE-2018-7774
CONFIRM
schneider_electric — u.motion_builderIn Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application.2018-07-03not yet calculatedCVE-2018-7784
BID
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the tpl input parameter.2018-07-03not yet calculatedCVE-2018-7768
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the id input parameter.2018-07-03not yet calculatedCVE-2018-7766
CONFIRM
schneider_electric — u.motion_builderIn Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.2018-07-03not yet calculatedCVE-2018-7785
BID
CONFIRM
schneider_electric — u.motion_builderIn Schneider Electric U.motion Builder software versions prior to v1.3.4, malicious clients can upload and cause the smbd server to execute a shared library from a writable share.2018-07-03not yet calculatedCVE-2018-7777
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data.2018-07-03not yet calculatedCVE-2018-7775
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the sessionid input parameter.2018-07-03not yet calculatedCVE-2018-7773
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree.2018-07-03not yet calculatedCVE-2018-7771
CONFIRM
schneider_electric — u.motion_builderThe vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query to determine whether a user is logged in is subject to SQL injection on the loginSeed parameter, which can be embedded in the HTTP cookie of the request.2018-07-03not yet calculatedCVE-2018-7772
CONFIRM
schneider_electric — u.motion_builderIn Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request.2018-07-03not yet calculatedCVE-2018-7787
BID
CONFIRM
schneider_electric — u.motion_builder
 
The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server.2018-07-03not yet calculatedCVE-2018-7776
CONFIRM
schneider_electric — wiser_for_knxIn Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access.2018-07-03not yet calculatedCVE-2018-7779
CONFIRM
sencha — ext_jsThe getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data.2018-07-05not yet calculatedCVE-2018-8046
CONFIRM
FULLDISC
siemens — siclockA vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device’s management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users.2018-07-03not yet calculatedCVE-2018-4856
BID
CONFIRM
siemens — siclockA vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system.2018-07-03not yet calculatedCVE-2018-4854
BID
CONFIRM
siemens — siclockA vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed.2018-07-03not yet calculatedCVE-2018-4851
BID
CONFIRM
siemens — siclockA vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device.2018-07-03not yet calculatedCVE-2018-4852
BID
CONFIRM
siemens — siclockA vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device.2018-07-03not yet calculatedCVE-2018-4853
BID
CONFIRM
siemens — siclockA vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords.2018-07-03not yet calculatedCVE-2018-4855
BID
CONFIRM
singularity — singularitySingularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.2018-07-05not yet calculatedCVE-2018-12021
CONFIRM
sonos — wireless_speaker_productsThe UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.2018-07-03not yet calculatedCVE-2018-11316
MISC
MISC
synology — carddav_server
 
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.2018-07-05not yet calculatedCVE-2018-8928
CONFIRM
synology — synology_ssl_vpn_client
 
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.2018-07-06not yet calculatedCVE-2018-8929
CONFIRM
synology — universal_searchImproper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.2018-07-05not yet calculatedCVE-2017-16773
CONFIRM
tcexam — tcexamTCExam before 14.1.2 has XSS via an ff_ or xl_ field.2018-07-07not yet calculatedCVE-2018-13422
MISC
tcpreplay — tcpreplay
 
get_l2len in common/get.c in Tcpreplay 4.3.0 beta 1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.2018-07-03not yet calculatedCVE-2018-13112
MISC
tp-link — archer_c1200_wireless_routerTP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.2018-07-04not yet calculatedCVE-2018-13134
MISC
tp-link — tl-wr841n_devicesThe Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.2018-07-02not yet calculatedCVE-2018-12577
MISC
tp-link — tl-wr841n_devicesCSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.2018-07-02not yet calculatedCVE-2018-12574
MISC
tp-link — tl-wr841n_devicesTP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.2018-07-02not yet calculatedCVE-2018-12576
MISC
tp-link — tl-wr841n_devicesOn TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.2018-07-02not yet calculatedCVE-2018-12575
MISC
trackr — trackr_bravoUnauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.2018-07-06not yet calculatedCVE-2016-6540
BID
MISC
CERT-VN
MISC
trackr — trackr_bravoThe Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.2018-07-06not yet calculatedCVE-2016-6539
BID
MISC
CERT-VN
MISC
trackr — trackr_bravoTrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.2018-07-06not yet calculatedCVE-2016-6541
BID
MISC
CERT-VN
MISC
trackr — trackr_bravo
 
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.2018-07-06not yet calculatedCVE-2016-6538
BID
MISC
CERT-VN
MISC
trend_micro — maximum_security_2018A vulnerability in Trend Micro Maximum Security’s (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.2018-07-06not yet calculatedCVE-2018-3608
MISC
MISC
ubiquiti — ucrmUbiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with “Edit” access to “System Customization”.2018-07-03not yet calculatedCVE-2017-0913
MISC
MISC
ubiquiti — ucrmUbiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with “Edit” access to “Scheduling”.2018-07-03not yet calculatedCVE-2017-0912
MISC
wordpress — wordpressThe WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type.2018-07-02not yet calculatedCVE-2018-12426
MISC
MISC
wordpress — wordpressThe Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.2018-07-04not yet calculatedCVE-2018-13136
MISC
MISC
xapian — xapian-core
 
A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet().2018-07-02not yet calculatedCVE-2018-0499
CONFIRM
CONFIRM
xen — xenAn issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing the conditions through its own page table contents, a malicious guest may cause such bypasses to be used for an unbounded number of iterations. A malicious or buggy PV guest may cause a Denial of Service (DoS) affecting the entire host. Specifically, it may prevent use of a physical CPU for an indeterminate period of time. All Xen versions from 3.4 onwards are vulnerable. Xen versions 3.3 and earlier are vulnerable to an even wider class of attacks, due to them lacking preemption checks altogether in the affected code paths. Only x86 systems are affected. ARM systems are not affected. Only multi-vCPU x86 PV guests can leverage the vulnerability. x86 HVM or PVH guests as well as x86 single-vCPU PV ones cannot leverage the vulnerability.2018-07-02not yet calculatedCVE-2018-12891
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
DEBIAN
xen — xenAn issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.2018-07-02not yet calculatedCVE-2018-12893
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
DEBIAN
xen — xenAn issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to supposedly read-only disk images. Only emulated SCSI disks (specified as “sd” in the libxl disk configuration, or an equivalent) are affected. IDE disks (“hd”) are not affected (because attempts to make them readonly are rejected). Additionally, CDROM devices (that is, devices specified to be presented to the guest as CDROMs, regardless of the nature of the backing storage on the host) are not affected; they are always read only. Only systems using qemu-xen (rather than qemu-xen-traditional) as the device model version are vulnerable. Only systems using libxl or libxl-based toolstacks are vulnerable. (This includes xl, and libvirt with the libxl driver.) The vulnerability is present in Xen versions 4.7 and later. (In earlier versions, provided that the patch for XSA-142 has been applied, attempts to create read only disks are rejected.) If the host and guest together usually support PVHVM, the issue is exploitable only if the malicious guest administrator has control of the guest kernel or guest kernel command line.2018-07-02not yet calculatedCVE-2018-12892
MLIST
BID
SECTRACK
CONFIRM
DEBIAN
zoho — manageengine_applications_managerA SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x via the j_username parameter in a /j_security_check POST request.2018-07-02not yet calculatedCVE-2018-13050
MISC
zoho — manageengine_eventlog_analyzerAn issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard).2018-07-02not yet calculatedCVE-2018-10076
CONFIRM
zoho — manageengine_eventlog_analyzer
 
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.2018-07-02not yet calculatedCVE-2018-10075
CONFIRM
zzcms — zzcms
 
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.2018-07-03not yet calculatedCVE-2018-13116
MISC
zzcms — zzcms
 
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock.2018-07-02not yet calculatedCVE-2018-13056
MISC

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

This entry was posted in Alerts. Bookmark the permalink.