CVE-2018-14002
An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user’s balance.
Source: CVE-2018-14002
CVE-2018-13836
An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user’s balance.
Source: CVE-2018-13836
CVE-2018-12540
In versions 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens that have not yet expired.
Source: CVE-2018-12540
CVE-2017-18155
While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.
Source: CVE-2017-18155
CVE-2018-1334
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it’s possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
Source: CVE-2018-1334
CVE-2018-8024
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it’s possible for a malicious user to construct a URL pointing to a Spark cluster’s UI’s job and stage info pages, and if a user can be tricked into accessing the URL, it can be used to cause script to execute and expose information from the user’s view of the Spark UI.
Source: CVE-2018-8024
CVE-2018-10895
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access ‘qute://*’ URLs. A malicious website could exploit this to load a ‘qute://settings/set’ URL, which then sets ‘editor.command’ to a bash script, resulting in arbitrary code execution.
Source: CVE-2018-10895
CVE-2018-13999
Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator).
Source: CVE-2018-13999
CVE-2018-13998
ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users.
Source: CVE-2018-13998
CVE-2018-13996
Genann through 2018-07-08 has a stack-based buffer over-read in genann_train in genann.c.
Source: CVE-2018-13996