CVE-2018-14009
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
Source: CVE-2018-14009
[월:] 2018년 07월
CVE-2018-12463
CVE-2018-12463
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Source: CVE-2018-12463
CVE-2017-14710
CVE-2017-14710
The Shein Group Ltd. "SHEIN – Fashion Shopping" app — aka shein fashion-shopping/id878577184 — for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Source: CVE-2017-14710
CVE-2017-14709
CVE-2017-14709
The komoot GmbH "Komoot – Cycling & Hiking Maps" app before 9.3.2 — aka komoot-cycling-hiking-maps/id447374873 — for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Source: CVE-2017-14709
CVE-2017-14612
CVE-2017-14612
"Shpock Boot Sale & Classifieds" app before 3.17.0 — aka shpock-boot-sale-classifieds/id557153158 — for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Source: CVE-2017-14612
CVE-2018-14006
CVE-2018-14006
An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user’s balance.
Source: CVE-2018-14006
CVE-2018-14005
CVE-2018-14005
An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user’s balance.
Source: CVE-2018-14005
CVE-2018-14004
CVE-2018-14004
An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user’s balance.
Source: CVE-2018-14004
CVE-2018-14003
CVE-2018-14003
An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user’s balance.
Source: CVE-2018-14003
CVE-2018-14001
CVE-2018-14001
An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user’s balance.
Source: CVE-2018-14001