CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2018

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
851 CVE-2018-13168 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
852 CVE-2018-13167 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
853 CVE-2018-13166 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
854 CVE-2018-13165 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
855 CVE-2018-13164 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
856 CVE-2018-13163 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
857 CVE-2018-13162 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
858 CVE-2018-13161 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
859 CVE-2018-13160 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
860 CVE-2018-13159 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
861 CVE-2018-13158 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
862 CVE-2018-13157 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
863 CVE-2018-13156 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
864 CVE-2018-13155 190 Overflow 2018-07-05 2018-08-17
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
865 CVE-2018-13153 772 2018-07-05 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
866 CVE-2018-13146 190 Overflow 2018-07-04 2018-08-23
5.0
None Remote Low Not required None Partial None
The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow.
867 CVE-2018-13145 190 Overflow 2018-07-04 2018-08-23
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow.
868 CVE-2018-13144 190 Overflow 2018-07-04 2018-08-23
5.0
None Remote Low Not required None Partial None
The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow.
869 CVE-2018-13139 787 DoS Overflow 2018-07-04 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
870 CVE-2018-13136 79 XSS 2018-07-04 2019-09-18
4.3
None Remote Medium Not required None Partial None
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
871 CVE-2018-13134 79 XSS 2018-07-04 2019-03-28
4.3
None Remote Medium Not required None Partial None
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.
872 CVE-2018-13133 426 2018-07-04 2018-09-06
4.6
None Local Low Not required Partial Partial Partial
Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows.
873 CVE-2018-13132 190 Overflow 2018-07-04 2018-08-23
5.0
None Remote Low Not required None Partial None
Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
874 CVE-2018-13131 190 Overflow 2018-07-04 2018-08-23
5.0
None Remote Low Not required None Partial None
SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
875 CVE-2018-13130 190 Overflow 2018-07-04 2018-08-23
5.0
None Remote Low Not required None Partial None
Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
876 CVE-2018-13129 190 Overflow 2018-07-04 2018-08-23
5.0
None Remote Low Not required None Partial None
SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
877 CVE-2018-13128 190 Overflow 2018-07-04 2018-08-24
5.0
None Remote Low Not required None Partial None
Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
878 CVE-2018-13127 190 Overflow 2018-07-04 2018-08-24
5.0
None Remote Low Not required None Partial None
SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
879 CVE-2018-13126 190 Overflow 2018-07-04 2018-08-24
5.0
None Remote Low Not required None Partial None
MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
880 CVE-2018-13123 200 +Info 2018-07-03 2018-09-04
5.0
None Remote Low Not required Partial None None
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file.
881 CVE-2018-13122 732 2018-07-03 2020-02-06
5.5
None Remote Low ??? None Partial Partial
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI.
882 CVE-2018-13121 119 DoS Overflow 2018-07-03 2018-09-04
4.3
None Remote Medium Not required None None Partial
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.
883 CVE-2018-13116 89 Sql 2018-07-03 2018-08-23
7.5
None Remote Low Not required Partial Partial Partial
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.
884 CVE-2018-13113 190 Overflow 2018-07-03 2018-08-23
5.0
None Remote Low Not required None Partial None
The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow.
885 CVE-2018-13112 125 DoS 2018-07-03 2019-03-06
5.0
None Remote Low Not required None None Partial
get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.
886 CVE-2018-13110 732 +Priv 2018-07-06 2019-10-03
8.5
None Remote Medium ??? Complete Complete Complete
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.
887 CVE-2018-13109 863 Bypass 2018-07-06 2019-10-03
5.0
None Remote Low Not required None Partial None
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.
888 CVE-2018-13108 2018-07-06 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP.
889 CVE-2018-13106 79 XSS 2018-07-03 2018-08-31
3.5
None Remote Medium ??? None Partial None
ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI.
890 CVE-2018-13102 426 2018-07-03 2018-09-11
6.8
None Remote Medium Not required Partial Partial Partial
AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability.
891 CVE-2018-13101 2018-07-03 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via execution of attacker controlled binaries.
892 CVE-2018-13100 369 2018-07-03 2019-04-03
4.3
None Remote Medium Not required None None Partial
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.
893 CVE-2018-13099 125 DoS 2018-07-03 2021-01-05
4.3
None Remote Medium Not required None None Partial
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.
894 CVE-2018-13098 125 DoS 2018-07-03 2019-08-13
4.3
None Remote Medium Not required None None Partial
An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.
895 CVE-2018-13097 125 DoS 2018-07-03 2019-04-03
4.3
None Remote Medium Not required None None Partial
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).
896 CVE-2018-13096 125 DoS 2018-07-03 2021-01-05
4.3
None Remote Medium Not required None None Partial
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.
897 CVE-2018-13095 787 DoS Mem. Corr. 2018-07-03 2020-08-24
4.3
None Remote Medium Not required None None Partial
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.
898 CVE-2018-13094 476 2018-07-03 2019-04-23
4.3
None Remote Medium Not required None None Partial
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
899 CVE-2018-13093 476 2018-07-03 2019-08-06
4.3
None Remote Medium Not required None None Partial
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.
900 CVE-2018-13092 190 Overflow 2018-07-03 2018-08-23
5.0
None Remote Low Not required None Partial None
The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
Total number of vulnerabilities: 2175 (page 18 of 44)