Total
297776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14241 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6004. | |||||
| CVE-2018-14089 | 1 Virgo Zodiactoken Project | 1 Virgo Zodiactoken | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). An attacker can transfer from any address to his address, and does not need to meet the 'allowance > value' condition. | |||||
| CVE-2018-14088 | 1 Stex White List Project | 1 Stex White List | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in withdrawToFounders(). | |||||
| CVE-2018-14087 | 1 Encryptedtoken Project | 1 Encryptedtoken | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the fallback function. | |||||
| CVE-2018-14086 | 1 Mytoken Project | 1 Mytoken | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell(). | |||||
| CVE-2018-14085 | 1 Userwallet Project | 1 Userwallet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit { uint public start; function sweep(address _token, uint _amount) returns (bool) { start = 0x123456789; return true;} }. Then, when one calls the function sweep() in the UserWallet contract, it will change the sweeperList to 0X123456789. | |||||
| CVE-2018-14084 | 1 Myadvancedtoken Project | 1 Myadvancedtoken | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell(). | |||||
| CVE-2018-14083 | 1 Lica | 2 Minicmts E8k, Minicmts E8k Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive information via a direct POST request for the inc/user.ini file, leading to discovery of a password hash. | |||||
| CVE-2018-14082 | 1 Freelancewebdesignerchennai | 1 Job Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | |||||
| CVE-2018-14081 | 2 D-link, Dlink | 4 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext. | |||||
| CVE-2018-14080 | 2 D-link, Dlink | 4 Dir-809 A1 Firmware, Dir-809 A2 Firmware, Dir-809 Guestzone Firmware and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file. | |||||
| CVE-2018-14079 | 1 Wi2be | 2 Smart Hp, Smart Hp Wmt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp. | |||||
| CVE-2018-14078 | 1 Wi2be | 1 Smart Hp Wmt | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack). | |||||
| CVE-2018-14077 | 1 Wi2be | 1 Smart Hp Wmt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg. | |||||
| CVE-2018-14073 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c. | |||||
| CVE-2018-14072 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c. | |||||
| CVE-2018-14071 | 1 Cyberhobo | 1 Geo Mashup | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input. | |||||
| CVE-2018-14069 | 1 Srcms Project | 1 Srcms | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add. | |||||
| CVE-2018-14068 | 1 Srcms Project | 1 Srcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add. | |||||
| CVE-2018-14067 | 1 Greenpacket | 2 Dv-360, Dv-360 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980. | |||||