CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2018-13221 The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, conseque... | N/A | NONE | — | 0 |
| CVE-2018-13222 The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's asset... | N/A | NONE | — | 0 |
| CVE-2018-13223 The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequ... | N/A | NONE | — | 0 |
| CVE-2018-13224 The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zer... | N/A | NONE | — | 0 |
| CVE-2018-13225 The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | N/A | NONE | — | 0 |
| CVE-2018-13226 The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | N/A | NONE | — | 0 |
| CVE-2018-13227 The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's ass... | N/A | NONE | — | 0 |
| CVE-2018-13228 The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | N/A | NONE | — | 0 |
| CVE-2018-13229 The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's asse... | N/A | NONE | — | 0 |
| CVE-2018-13230 The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | N/A | NONE | — | 0 |
| CVE-2018-13231 The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently re... | N/A | NONE | — | 0 |
| CVE-2018-13232 The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently red... | N/A | NONE | — | 0 |
| CVE-2018-13233 The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | N/A | NONE | — | 0 |
| CVE-2017-16773 Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | N/A | NONE | — | 0 |
| CVE-2018-10885 In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. An attacker can use this flaw to cause a De... | N/A | NONE | — | 0 |
| CVE-2018-8038 Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Pro... | N/A | NONE | — | 0 |
| CVE-2018-8928 Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family... | N/A | NONE | — | 0 |
| CVE-2018-9185 An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web p... | N/A | NONE | — | 0 |
| CVE-2018-13250 libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial o... | N/A | NONE | — | 0 |
| CVE-2018-13251 In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerabi... | N/A | NONE | — | 0 |
| CVE-2018-8026 This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA... | N/A | NONE | — | 0 |
| CVE-2016-10522 rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access ... | N/A | NONE | — | 0 |
| CVE-2018-3761 Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was part... | 8.1 | HIGH | — | 0 |
| CVE-2018-3762 Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | 4.3 | MEDIUM | — | 0 |
| CVE-2018-3763 In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only af... | 4.8 | MEDIUM | — | 0 |
| CVE-2018-3764 In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected gro... | 4.8 | MEDIUM | — | 0 |
| CVE-2018-3766 Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. | 7.5 | HIGH | — | 0 |
| CVE-2018-3767 `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. | N/A | NONE | — | 0 |
| CVE-2018-3769 ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2018-13252 Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | N/A | NONE | — | 0 |
| CVE-2018-13328 The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. | 7.5 | HIGH | — | 0 |
| CVE-2018-13300 In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read whil... | N/A | NONE | — | 0 |
| CVE-2018-13301 In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while con... | N/A | NONE | — | 0 |
| CVE-2018-13302 In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an ... | N/A | NONE | — | 0 |
| CVE-2018-13303 In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a ... | N/A | NONE | — | 0 |
| CVE-2018-13304 In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AV... | N/A | NONE | — | 0 |
| CVE-2018-13305 In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a ... | N/A | NONE | — | 0 |
| CVE-2018-17138 The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. | N/A | NONE | — | 0 |
| CVE-2018-12021 Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information b... | N/A | NONE | — | 0 |
| CVE-2018-12691 Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data pl... | N/A | NONE | — | 0 |
| CVE-2018-12910 The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. | N/A | NONE | — | 0 |
| CVE-2018-12976 In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution. | N/A | NONE | — | 0 |
| CVE-2018-13325 The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. | N/A | NONE | — | 0 |
| CVE-2018-13326 The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | 7.5 | HIGH | — | 0 |
| CVE-2018-13327 The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | 7.5 | HIGH | — | 0 |
| CVE-2018-7944 Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs ... | N/A | NONE | — | 0 |
| CVE-2017-16816 The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions. | N/A | NONE | — | 0 |
| CVE-2018-10987 An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a speciall... | N/A | NONE | — | 0 |
| CVE-2018-10988 An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, wi... | N/A | NONE | — | 0 |
| CVE-2018-12103 An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.