Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2018
CVE-2018-14004
An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-07-12
CVE-2018-14005
An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-07-12
CVE-2018-14006
An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-07-12
CVE-2017-18155
While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-07-12
CVE-2018-12540
In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
CVSS Score
8.8
EPSS Score
0.026
Published
2018-07-12
CVE-2018-1334
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
CVSS Score
4.7
EPSS Score
0.001
Published
2018-07-12
CVE-2018-8024
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.
CVSS Score
5.4
EPSS Score
0.407
Published
2018-07-12
CVE-2018-10895
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.
CVSS Score
9.3
EPSS Score
0.002
Published
2018-07-12
CVE-2018-13996
Genann through 2018-07-08 has a stack-based buffer over-read in genann_train in genann.c.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-07-12
CVE-2018-13997
Genann through 2018-07-08 has a SEGV in genann_run in genann.c.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-07-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved