The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-13304 | In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c. | MEDIUM | Jul 5, 2018 |
| CVE-2018-13325 | The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. | MEDIUM | Jul 5, 2018 |
| CVE-2018-13326 | ** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | MEDIUM | Jul 5, 2018 |
| CVE-2018-13327 | ** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | MEDIUM | Jul 5, 2018 |
| CVE-2018-13328 | The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. | MEDIUM | Jul 5, 2018 |
| CVE-2018-13339 | Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. | MEDIUM | Jul 5, 2018 |
| CVE-2018-13340 | Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. | MEDIUM | Jul 5, 2018 |
| CVE-2018-13346 | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | MEDIUM | Jul 5, 2018 |
| CVE-2018-13347 | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | HIGH | Jul 5, 2018 |
| CVE-2018-13348 | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. | MEDIUM | Jul 5, 2018 |
| CVE-2018-3761 | Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. | MEDIUM | Jul 5, 2018 |
| CVE-2018-3762 | Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | MEDIUM | Jul 5, 2018 |
| CVE-2018-3763 | In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | LOW | Jul 5, 2018 |
| CVE-2018-3764 | In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | LOW | Jul 5, 2018 |
| CVE-2018-3766 | Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. | MEDIUM | Jul 5, 2018 |
| CVE-2018-3767 | `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. | MEDIUM | Jul 5, 2018 |
| CVE-2018-3769 | ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via format parameter. | MEDIUM | Jul 5, 2018 |
| CVE-2018-7944 | Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally. | HIGH | Jul 5, 2018 |
| CVE-2018-8046 | The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data. | MEDIUM | Jul 5, 2018 |
| CVE-2018-8928 | Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | LOW | Jul 5, 2018 |
| CVE-2015-9260 | An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI. | LOW | Jul 4, 2018 |
| CVE-2018-12018 | The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13133 | Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13134 | TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13136 | The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13139 | A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13144 | ** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13145 | The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13146 | The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13155 | The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13156 | The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13157 | The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13158 | The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13159 | The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13160 | The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13161 | The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13162 | The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13163 | The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13164 | The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13165 | The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13166 | The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13167 | The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13168 | The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13171 | The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13172 | The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13173 | The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13174 | The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13175 | The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13182 | The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
| CVE-2018-13184 | The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | MEDIUM | Jul 4, 2018 |
