Vulnerabilities (CVE)

Total 314610 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13139 2 Debian, Libsndfile Project 2 Debian Linux, Libsndfile 2024-11-21 6.8 MEDIUM 8.8 HIGH
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave.
CVE-2018-13137 1 Pixelite 1 Events Manager 2024-11-21 3.5 LOW 4.8 MEDIUM
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
CVE-2018-13136 1 Ultimatemember 1 Ultimate Member 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen.
CVE-2018-13134 1 Tp-link 2 Archer C1200, Archer C1200 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.
CVE-2018-13133 1 Goldenfrog 1 Vyprvpn 2024-11-21 4.6 MEDIUM 7.8 HIGH
Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows.
CVE-2018-13132 1 Spadeico Project 1 Spadeico 2024-11-21 5.0 MEDIUM 7.5 HIGH
Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVE-2018-13131 1 Spadepresale Project 1 Spadepresale 2024-11-21 5.0 MEDIUM 7.5 HIGH
SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVE-2018-13130 1 Bitotal 1 Bitotal 2024-11-21 5.0 MEDIUM 7.5 HIGH
Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVE-2018-13129 1 Sp8de 1 Sp8de 2024-11-21 5.0 MEDIUM 7.5 HIGH
SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVE-2018-13128 1 Etherty 1 Etherty Token 2024-11-21 5.0 MEDIUM 7.5 HIGH
Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVE-2018-13127 1 Sp8de 1 Sp8de Presale Token 2024-11-21 5.0 MEDIUM 7.5 HIGH
SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVE-2018-13126 1 Moxy 1 Moxyonepresale 2024-11-21 5.0 MEDIUM 7.5 HIGH
MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
CVE-2018-13123 1 Onefilecms 1 Onefilecms 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file.
CVE-2018-13122 1 Onefilecms 1 Onefilecms 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI.
CVE-2018-13121 1 Realnetworks 1 Realone Player 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.
CVE-2018-13116 1 Zzcms 1 Zzcms 2024-11-21 7.5 HIGH 9.8 CRITICAL
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.
CVE-2018-13115 1 Keruigroup 2 Ypc99, Ypc99 Firmware 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop streaming, and the command SETSSID to disconnect a user.
CVE-2018-13114 1 Keruigroup 2 Ypc99, Ypc99 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Missing authentication and improper input validation in KERUI Wifi Endoscope Camera (YPC99) allow an attacker to execute arbitrary commands (with a length limit of 19 characters) via the "ssid" value, as demonstrated by ssid:;ping 192.168.1.2 in the body of a SETSSID command.
CVE-2018-13113 1 Easy Trading Token Project 1 Easy Trading Token 2024-11-21 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
CVE-2018-13112 1 Broadcom 1 Tcpreplay 2024-11-21 5.0 MEDIUM 7.5 HIGH
get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep.