Security News

CVE-2018-13326

National Vulnerability Database - Thu, 07/05/2018 - 14:29
The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow.
Categories: Security News

CVE-2018-13327

National Vulnerability Database - Thu, 07/05/2018 - 14:29
The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow.
Categories: Security News

CVE-2018-13328

National Vulnerability Database - Thu, 07/05/2018 - 14:29
The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow.
Categories: Security News

CVE-2018-7944

National Vulnerability Database - Thu, 07/05/2018 - 14:29
Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. An attacker gets some user's smart phone and performs some special operations in the guide function. The attacker may exploit the vulnerability to bypass FRP function and use the phone normally.
Categories: Security News

CVE-2018-13252

National Vulnerability Database - Thu, 07/05/2018 - 13:29
Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page.
Categories: Security News

CVE-2018-13300

National Vulnerability Database - Thu, 07/05/2018 - 13:29
In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.
Categories: Security News

CVE-2018-13301

National Vulnerability Database - Thu, 07/05/2018 - 13:29
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.
Categories: Security News

CVE-2018-13302

National Vulnerability Database - Thu, 07/05/2018 - 13:29
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.
Categories: Security News

CVE-2018-13303

National Vulnerability Database - Thu, 07/05/2018 - 13:29
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.
Categories: Security News

CVE-2018-13304

National Vulnerability Database - Thu, 07/05/2018 - 13:29
In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.
Categories: Security News

CVE-2018-13305

National Vulnerability Database - Thu, 07/05/2018 - 13:29
In FFmpeg 4.0.1, due to a missing check for negative values of the mqaunt variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.
Categories: Security News

CVE-2016-10522

National Vulnerability Database - Thu, 07/05/2018 - 12:29
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.
Categories: Security News

CVE-2016-10545

National Vulnerability Database - Thu, 07/05/2018 - 12:29
thor ruby gem suffers from a command injection vulnerability due to the use of `open-uri`'s open() as used in Thor::Actions#get, allowing for execution of system commands.
Categories: Security News

CVE-2018-3761

National Vulnerability Database - Thu, 07/05/2018 - 12:29
Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.
Categories: Security News

CVE-2018-3762

National Vulnerability Database - Thu, 07/05/2018 - 12:29
Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.
Categories: Security News

CVE-2018-3763

National Vulnerability Database - Thu, 07/05/2018 - 12:29
In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.
Categories: Security News

CVE-2018-3764

National Vulnerability Database - Thu, 07/05/2018 - 12:29
In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins.
Categories: Security News

CVE-2018-3766

National Vulnerability Database - Thu, 07/05/2018 - 12:29
Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server.
Categories: Security News

CVE-2018-3767

National Vulnerability Database - Thu, 07/05/2018 - 12:29
`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.
Categories: Security News

CVE-2018-3769

National Vulnerability Database - Thu, 07/05/2018 - 12:29
ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter.
Categories: Security News

Pages