CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2018

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
751 CVE-2018-13422 79 XSS 2018-07-07 2018-08-27
4.3
None Remote Medium Not required None Partial None
TCExam before 14.1.2 has XSS via an ff_ or xl_ field.
752 CVE-2018-13421 125 2018-07-07 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h.
753 CVE-2018-13420 772 2018-07-07 2019-10-03
5.0
None Remote Low Not required None None Partial
** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program.
754 CVE-2018-13419 772 2018-07-07 2019-10-03
4.3
None Remote Medium Not required None None Partial
** DISPUTED ** An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue.
755 CVE-2018-13410 416 DoS Exec Code 2018-07-06 2018-08-27
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands.
756 CVE-2018-13409 79 +Priv XSS 2018-07-06 2018-08-23
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.
757 CVE-2018-13408 79 +Priv XSS 2018-07-06 2018-08-23
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges.
758 CVE-2018-13407 352 CSRF 2018-07-06 2018-08-23
5.5
None Remote Low ??? None Partial Partial
A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused.
759 CVE-2018-13406 190 Overflow 2018-07-06 2019-03-27
7.2
None Local Low Not required Complete Complete Complete
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
760 CVE-2018-13405 269 2018-07-06 2021-01-05
4.6
None Local Low Not required Partial Partial Partial
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
761 CVE-2018-13389 20 2018-07-10 2018-09-07
4.3
None Remote Medium Not required None Partial None
The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml.
762 CVE-2018-13388 79 XSS 2018-07-10 2018-09-04
3.5
None Remote Medium ??? None Partial None
The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files.
763 CVE-2018-13387 79 XSS 2018-07-16 2018-09-17
4.3
None Remote Medium Not required None Partial None
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.
764 CVE-2018-13386 88 Exec Code 2018-07-24 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for Windows before version 2.6.9 are affected by this vulnerability.
765 CVE-2018-13385 88 Exec Code 2018-07-24 2020-05-11
7.5
None Remote Low Not required Partial Partial Partial
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree for macOS from 1.0b2 before 2.7.6 are affected by this vulnerability.
766 CVE-2018-13348 20 2018-07-06 2020-07-31
5.0
None Remote Low Not required None Partial None
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001.
767 CVE-2018-13347 190 2018-07-06 2020-07-31
7.5
None Remote Low Not required Partial Partial Partial
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
768 CVE-2018-13346 20 2018-07-06 2020-07-31
5.0
None Remote Low Not required None Partial None
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
769 CVE-2018-13340 352 CSRF 2018-07-05 2018-08-28
6.8
None Remote Medium Not required Partial Partial Partial
Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request.
770 CVE-2018-13339 79 XSS 2018-07-05 2018-08-28
4.3
None Remote Medium Not required None Partial None
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.
771 CVE-2018-13328 190 Overflow 2018-07-05 2020-02-24
5.0
None Remote Low Not required None Partial None
The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow.
772 CVE-2018-13327 190 Overflow 2018-07-05 2018-08-24
5.0
None Remote Low Not required None Partial None
The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow.
773 CVE-2018-13326 190 Overflow 2018-07-05 2018-08-24
5.0
None Remote Low Not required None Partial None
The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow.
774 CVE-2018-13325 190 Overflow 2018-07-05 2018-09-05
5.0
None Remote Low Not required None Partial None
The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow.
775 CVE-2018-13305 125 DoS 2018-07-05 2020-01-14
5.8
None Remote Medium Not required Partial None Partial
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.
776 CVE-2018-13304 617 DoS 2018-07-05 2019-10-03
4.3
None Remote Medium Not required None None Partial
In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.
777 CVE-2018-13303 476 DoS 2018-07-05 2018-07-18
4.3
None Remote Medium Not required None None Partial
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.
778 CVE-2018-13302 129 DoS 2018-07-05 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.
779 CVE-2018-13301 476 DoS 2018-07-05 2018-07-18
4.3
None Remote Medium Not required None None Partial
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.
780 CVE-2018-13300 125 DoS 2018-07-05 2021-01-04
5.8
None Remote Medium Not required Partial None Partial
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.
781 CVE-2018-13280 330 2018-07-30 2019-10-09
4.3
None Remote Medium Not required Partial None None
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
782 CVE-2018-13256 79 XSS 2018-07-09 2020-05-06
4.3
None Remote Medium Not required None Partial None
PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter.
783 CVE-2018-13252 79 XSS 2018-07-05 2018-09-05
4.3
None Remote Medium Not required None Partial None
Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page.
784 CVE-2018-13251 400 2018-07-05 2018-08-27
4.3
None Remote Medium Not required None None Partial
In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.
785 CVE-2018-13250 476 DoS 2018-07-05 2018-08-27
4.3
None Remote Medium Not required None None Partial
libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.
786 CVE-2018-13233 190 Overflow 2018-07-05 2018-08-23
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
787 CVE-2018-13232 190 Overflow 2018-07-05 2018-08-23
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
788 CVE-2018-13231 190 Overflow 2018-07-05 2018-08-23
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
789 CVE-2018-13230 190 Overflow 2018-07-05 2018-08-23
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
790 CVE-2018-13229 190 Overflow 2018-07-05 2018-08-23
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
791 CVE-2018-13228 190 Overflow 2018-07-05 2018-08-23
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
792 CVE-2018-13227 190 Overflow 2018-07-05 2018-08-23
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
793 CVE-2018-13226 190 Overflow 2018-07-05 2019-04-08
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
794 CVE-2018-13225 190 Overflow 2018-07-05 2018-08-23
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
795 CVE-2018-13224 190 Overflow 2018-07-05 2018-08-27
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
796 CVE-2018-13223 190 Overflow 2018-07-05 2018-09-02
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
797 CVE-2018-13222 190 Overflow 2018-07-05 2018-08-27
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
798 CVE-2018-13221 190 Overflow 2018-07-05 2018-08-29
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
799 CVE-2018-13220 190 Overflow 2018-07-05 2018-08-24
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
800 CVE-2018-13219 190 Overflow 2018-07-05 2018-08-24
5.0
None Remote Low Not required None Partial None
The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
Total number of vulnerabilities: 2175. Page 16 of 44.