Security News

CVE-2018-13250

National Vulnerability Database - Thu, 07/05/2018 - 10:29
libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file.
Categories: Security News

CVE-2018-13251

National Vulnerability Database - Thu, 07/05/2018 - 10:29
In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file.

CVE-2018-8026

National Vulnerability Database - Thu, 07/05/2018 - 10:29
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, the XInclude functionality provided in these config files is affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, which allows the vulnerability to be exploited.

CVE-2017-16773

National Vulnerability Database - Thu, 07/05/2018 - 09:29
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.

CVE-2018-10885

National Vulnerability Database - Thu, 07/05/2018 - 09:29
In atomic-openshift before version 3.10.9, a malicious network-policy configuration can cause OpenShift Routing to crash when using the ovs-networkpolicy plugin. An attacker can use this flaw to cause a Denial of Service (DoS) attack on an OpenShift 3.9 or 3.7 cluster.

CVE-2018-8038

National Vulnerability Database - Thu, 07/05/2018 - 09:29
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.

CVE-2018-8928

National Vulnerability Database - Thu, 07/05/2018 - 09:29
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.

CVE-2018-9185

National Vulnerability Database - Thu, 07/05/2018 - 09:29
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals a user's web portal login credentials in a JavaScript file sent to the client side when pages bookmarked in the web portal use the Single Sign-On feature.

Vuln: Apache Solr CVE-2018-8026 XML External Entity Multiple Information Disclosure Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 07/05/2018 - 00:00

Vuln: FFmpeg Multiple Denial of Service Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 07/05/2018 - 00:00

CVE-2018-13231

National Vulnerability Database - Wed, 07/04/2018 - 22:29
The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

CVE-2018-13232

National Vulnerability Database - Wed, 07/04/2018 - 22:29
The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

CVE-2018-13233

National Vulnerability Database - Wed, 07/04/2018 - 22:29
The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

CVE-2018-13211

National Vulnerability Database - Wed, 07/04/2018 - 22:29
The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

CVE-2018-13212

National Vulnerability Database - Wed, 07/04/2018 - 22:29
The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

CVE-2018-13213

National Vulnerability Database - Wed, 07/04/2018 - 22:29
The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

CVE-2018-13214

National Vulnerability Database - Wed, 07/04/2018 - 22:29
The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

CVE-2018-13215

National Vulnerability Database - Wed, 07/04/2018 - 22:29
The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

CVE-2018-13216

National Vulnerability Database - Wed, 07/04/2018 - 22:29
The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

CVE-2018-13217

National Vulnerability Database - Wed, 07/04/2018 - 22:29
The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
