Skip to main content
CVE-2018-13161 HIGH POC This Week

The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Multigames
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-13160 HIGH POC This Week

The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Etktokens
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-13159 HIGH POC This Week

The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Bankcoin
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-13158 HIGH POC This Week

The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Assettoken
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-13157 HIGH POC This Week

The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Cryptonitexcoin
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-13156 HIGH POC This Week

The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Bonustoken
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-13155 HIGH POC This Week

The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gemchain
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-12018 HIGH POC PATCH This Week

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Go Ethereum
NVD GitHub
CVSS 3.0
7.5
EPSS
4.3%
CVE-2018-13251 MEDIUM POC This Month

In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-13250 MEDIUM POC This Month

libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-13153 MEDIUM POC This Month

In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
4.0%
CVE-2018-13339 MEDIUM POC This Month

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Angular Redactor
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-8738 MEDIUM POC This Month

Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 5444 Firmware 5444Tt Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-3769 MEDIUM POC PATCH This Month

ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Grape
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2018-13052 CRITICAL Act Now

In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Privilege Manager
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-12976 CRITICAL PATCH Act Now

In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Go Doc Dot Org
NVD GitHub
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-12910 CRITICAL PATCH Act Now

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libsoup Ubuntu Linux Debian Linux +6
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-8026 MEDIUM POC PATCH This Month

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Apache Solr Snapcenter Storage Automation Store
NVD
CVSS 3.0
5.5
EPSS
9.0%
CVE-2018-13302 HIGH PATCH This Week

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-13305 HIGH PATCH This Week

In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Ffmpeg
NVD GitHub
CVSS 3.0
8.1
EPSS
1.4%
CVE-2018-13300 HIGH PATCH This Week

In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Ffmpeg Debian Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
2.3%
CVE-2018-3761 HIGH This Week

Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2018-9185 HIGH This Week

An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortios
NVD
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-10988 HIGH This Week

An issue was discovered on Diqee Diqee360 devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Diqee360 Firmware
NVD GitHub
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-10987 HIGH This Week

An issue was discovered on Dongguan Diqee Diqee360 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Command Injection Diqee360 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-13328 HIGH This Week

The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Pfg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-13327 HIGH This Week

The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Chucunlingaigo
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2018-13326 HIGH This Week

The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Bittelux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2018-13325 HIGH This Week

The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Growchain
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-8038 HIGH PATCH This Week

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Cxf Fediz
NVD GitHub
CVSS 3.0
7.5
EPSS
10.7%
CVE-2018-10885 HIGH This Week

In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openshift
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-13233 HIGH This Week

The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Gsi
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13224 HIGH This Week

The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Virtual Energy Units
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13223 HIGH This Week

The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Rtokenmain
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13222 HIGH This Week

The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Objecttoken
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13221 HIGH This Week

The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Extreme Coin
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13220 HIGH This Week

The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Mavcash
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13219 HIGH This Week

The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Yourcoin
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13218 HIGH This Week

The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Ico Dollar
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13217 HIGH This Week

The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Cointoken
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13216 HIGH This Week

The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Greenmed
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13215 HIGH This Week

The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Sample Token
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13214 HIGH This Week

The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Gmile
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13213 HIGH This Week

The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Travelcoin
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13212 HIGH This Week

The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Ethereumlegit
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13211 HIGH This Week

The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Mytokenshr
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13210 HIGH This Week

The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which "amount *. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Providence Crypto Casino
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13209 HIGH This Week

The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Nectar
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13208 HIGH This Week

The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Moneytree
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13207 HIGH This Week

The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Porncoin
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy