CVE-2018-3762
Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. Date published :...
Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. Date published :...
The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka...
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. Date published : 2018-07-05 https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. Date published : 2018-07-05 https://www.mercurial-scm.org/repo/hg/rev/faa924469635 https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. Date published : 2018-07-05 https://github.com/gleez/cms/issues/795
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. Date published :...
The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. Date published : 2018-07-05 https://github.com/safecomet/EtherTokens/blob/master/PFGc%20%28PFGc%29/PFGc%20%28PFGc%29.md
The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. Date published : 2018-07-05 https://github.com/safecomet/EtherTokens/blob/master/ChuCunLingAIGO%20%28CCLAG%29/ChuCunLingAIGO%20%28CCLAG%29.md
The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. Date published : 2018-07-05 https://github.com/safecomet/EtherTokens/blob/master/Bittelux%20%28BTX%29/Bittelux%20%28BTX%29.md
The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. Date published : 2018-07-05 https://github.com/safecomet/EtherTokens/blob/master/GROWCHAIN%20%28GROW%29/GROWCHAIN%20%28GROW%29.md
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading...
In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to...
In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading...