Total
2446 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14086 | 1 Mytoken Project | 1 Mytoken | 2020-02-18 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell(). | |||||
CVE-2018-14084 | 1 Myadvancedtoken Project | 1 Myadvancedtoken | 2020-02-18 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell(). | |||||
CVE-2020-8844 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-02-18 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within ConvertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102. | |||||
CVE-2018-14087 | 1 Encryptedtoken Project | 1 Encryptedtoken | 2020-02-18 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the fallback function. | |||||
CVE-2018-13211 | 1 Mytokenshr Project | 1 Mytokenshr | 2020-02-18 | 5.0 MEDIUM | 7.5 HIGH |
The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
CVE-2014-4607 | 1 Oberhumer | 2 Liblzo2, Lzo2 | 2020-02-14 | 6.8 MEDIUM | 8.8 HIGH |
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
CVE-2018-13479 | 1 Slidebitstoken Project | 1 Slidebitstoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
The mintToken function of a smart contract implementation for SlidebitsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
CVE-2018-13495 | 1 Kmctoken Project | 1 Kmctoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
CVE-2018-13473 | 1 Ohni Project | 1 Ohni | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
The mintToken function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
CVE-2018-13534 | 1 Speedcashtoken Project | 1 Speedcashtoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
CVE-2018-13543 | 1 Gemstonetoken Project | 1 Gemstonetoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
CVE-2013-2807 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2020-02-10 | 7.8 HIGH | 7.5 HIGH |
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 | |||||
CVE-2013-2806 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2020-02-10 | 7.8 HIGH | 7.5 HIGH |
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 | |||||
CVE-2017-18187 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2020-02-10 | 7.5 HIGH | 9.8 CRITICAL |
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. | |||||
CVE-2019-14051 | 1 Qualcomm | 4 Mdm9206, Mdm9206 Firmware, Mdm9607 and 1 more | 2020-02-10 | 7.2 HIGH | 7.8 HIGH |
Subsequent additions performed during module loading while allocating memory can lead to an integer overflow and then to a buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607. | |||||
CVE-2014-4860 | 1 Tianocore | 1 Edk2 | 2020-02-07 | 7.2 HIGH | 6.8 MEDIUM |
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase. | |||||
CVE-2018-13041 | 1 Linktoken Project | 1 Linktoken | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
CVE-2018-13474 | 1 Fanschaintoken Project | 1 Fanschaintoken | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
CVE-2014-4859 | 1 Tianocore | 1 Edk2 | 2020-02-06 | 7.2 HIGH | 6.8 MEDIUM |
Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. | |||||
CVE-2015-4042 | 1 Gnu | 1 Coreutils | 2020-02-01 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. |