Cisco Security Advisories and Alerts published on Wed 18th Jul 2018.

Cisco Policy Suite for Mobile is a carrier-grade policy, charging, and subscriber data management solution. It helps service providers rapidly create and bring services to market, deliver a positive user experience, and optimize network resources. It also generates monetization opportunities across 3G, 4G, and LTE access networks as well as IP Multimedia Subsystem (IMS) service architectures.

Seems this round will make ISP busy!

Cisco Policy Suite Policy Builder Unauthenticated Access Vulnerability (CVE-2018-0376) – Critical

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-pspb-unauth-access

Cisco Policy Suite OSGi Interface Unauthenticated Access Vulnerability (CVE-2018-0377) – Critical

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-ps-osgi-unauth-access

Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability (CVE-2018-0374) – Critical

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-unauth-access

Cisco Policy Suite Cluster Manager Default Password Vulnerability (CVE-2018-0375) – Critical

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-cm-default-psswrd

Jul 2018 – What’s up involving LabCorp Cyber Security incident ?

Headline News said a global laboratory company suspect encounter cyber attack this month (Jul 2018). LabCorp  a leading global life sciences company,  aim to provides diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year. As of today, we did not heard any official announce the details. However the news on article given hints to speculated the root cause. The company insider senior managers were informed that the entire computer network of LabCorp, a Fortune 500 company, was shut down across the US Sunday morning after hackers tried to access the private medical records of millions of people.

Regarding to this unconfirmed cyber attack incident, can you still remember CVE-2018-10593 and CVE-2018-10595. What if attacker hunt the staff from LabCorp go through phishing email or send malicious MS Word document. It luck to evade the antivirus and firewall IPS. Then conduct the design weakness of BD Kiestra system vulnerabilities (CVE-2018-10593 and CVE-2018-10595). It looks that one of the data breach scenario will be successful establish.

A VULNERABILITY FOUND IN BECTON DICKINSON DB MANAGER (CVE-2018-10593 AND CVE-2018-10595)

A vulnerability found in becton dickinson DB Manager (CVE-2018-10593 and CVE-2018-10595)

Headline News:

EXCLUSIVE: Hackers have breached the network at LabCorp – one of the largest diagnostic blood testing laboratories in the US – sparking fears of exposing MILLIONS of patients’ private medical records

http://www.dailymail.co.uk/news/article-5959021/LabCorp-blood-testing-labs-hacked-sparking-fears-exposing-MILLIONS-patients-records.html

FBI Aware Of ‘Reports Of Ransomware Attack’ Involving LabCorp Security Breach

https://www.wfmynews2.com/article/news/fbi-aware-of-reports-of-ransomware-attack-involving-labcorp-security-breach/83-574887499

 

Have you heard CVE-20170-5645? Oracle critical patch update advisory – July 2018.

Background

Java programming language sometimes look like a accomplice. The Java Sandbox, which attempts to enforce a privilege model that permits safe execution of untrusted code, and is most famously used to permit the automatic execution of Java Applets in a browser.

Vulnerability details

Apache Log4j is a Java-based logging utility. Log4j is one of several Java logging frameworks. A design flaw found on Oracle products, Log4j has possibility then let vulnerabilities remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Sample of using the Log4j Library

public class Jangles {

private static Log log = LogFactory.getLog(Jangles.class);
Public static void main(String[] args){
log.info("This is a testing message.");
if(log.isDebugEnabled()){
log.debug("This is a testing message.");
}
}
}

Above sample will enable Log4j to control the output of other libraries which use Apache Commons Logging like the Java Caching System.
So, do you think this is the root causes hits the vulnerability?

Perhaps this vulnerability reference number go back 2017. However Oracle Critical Patch Update Advisory on July 2018 still has status update of this vulnerability. If you are the Oracle product user, you must stay alert. You should stay alert!

Vulnerability detail:

This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Official announcement hyperlink shown as below:

Oracle Critical Patch Update Advisory – July 2018 – http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixEM

 

Affected Products version and vulnerability details :

CVE Product Component Remote Exploit without Auth.? Base score Supported Versions Affected
CVE-2017-5645 Enterprise Manager Base Platform Installer (Apache Log4j) Yes 9.8 12.1.0.5, 13.2.x
CVE-2017-5645 Enterprise Manager Base Platform Security Framework (Apache Log4j) Yes 9.8 12.1.0.5, 13.2.x
CVE-2017-5645 Enterprise Manager for Fusion Middleware Application Replay (Apache Log4j) Yes 9.8 12.1.0.5, 13.2.x
CVE-2017-5645 Enterprise Manager for Fusion Middleware FMW Plugin for CC (Apache Log4j) Yes 9.8 12.1.0.5, 13.2.x
CVE-2017-5645 Enterprise Manager for MySQL Database EM Plugin: General (Apache Log4j) Yes 9.8 13.2.2.0.0 and prior
CVE-2017-5645 Enterprise Manager for Oracle Database Provisioning (Apache Log4j) Yes 9.8 12.1.0.8, 13.2.2
CVE-2017-5645 Enterprise Manager for Peoplesoft PSEM Plugin (Apache Log4j) Yes 9.8 13.1.1.1, 13.2.1.1
CVE-2017-5645 Oracle Banking Platform Collections (Apache Log4j) Yes 9.8 2.6.0, 2.6.1, 2.6.2
CVE-2017-5645 Oracle Financial Services Analytical Applications Infrastructure Infrastructure (Apache Log4j) Yes 9.8 7.3.3.x, 8.0.x
CVE-2017-5645 Oracle Financial Services Behavior Detection Platform Ingestion (Apache Log4j) Yes 9.8 8.0.x
CVE-2017-5645 Oracle Financial Services Funds Transfer Pricing Logging (Apache Log4j) Yes 9.8 6.1.1, 8.0.x
CVE-2017-5645 Oracle Financial Services Hedge Management and IFRS Valuations Logging (Apache Log4j) Yes 9.8 8.0.4, 8.0.5
CVE-2017-5645 Oracle Financial Services Loan Loss Forecasting and Provisioning Logging (Apache Log4j) Yes 9.8 8.0.4, 8.0.5
CVE-2017-5645 Oracle Financial Services Profitability Management Logging (Apache Log4j) Yes 9.8 6.1.1, 8.0.x
CVE-2017-5645 Oracle Enterprise Data Quality General (Apache Log4j) Yes 9.8 12.2.1.3.0
CVE-2017-5645 Oracle Fusion Middleware MapViewer Install (Apache Log4j) Yes 9.8 12.2.1.2, 12.2.1.3
CVE-2017-5645 MySQL Enterprise Monitor Service Manager (Apache Log4j) Yes 9.8 3.4.7.4297 and prior, 4.0.4.5235 and prior, 8.0.0.8131 and prior
CVE-2017-5645 PeopleSoft Enterprise FIN Install Security (Apache Log4j) Yes 9.8 9.2
CVE-2017-5645 Oracle Policy Automation Determinations Engine (Apache Log4j) Yes 9.8 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9, 12.2.10
CVE-2017-5645 Oracle Policy Automation Connector for Siebel Core (Apache Log4j) Yes 9.8 10.4.6
CVE-2017-5645 Oracle Policy Automation for Mobile Devices Core (Apache Log4j) Yes 9.8 10.4.7, 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9, 12.2.10
CVE-2017-5645 Oracle Retail Clearance Optimization Engine General Application (Apache Log4j) Yes 9.8 14.0.5
CVE-2017-5645 Oracle Retail Financial Integration PeopleSoft Integration Bugs (Apache Log4j) Yes 9.8 13.2.x, 14.0.x, 14.1.x, 15.0.x, 16.0.x, 16.0.x
CVE-2017-5645 Oracle Retail Integration Bus RIB Kernal (Apache Log4j) Yes 9.8 12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.0 14.1.0, 15.0, 16.0
CVE-2017-5645 Oracle Retail Predictive Application Server RPAS Fusion Client (Apache Log4j) Yes 9.8 15.0.3
CVE-2017-5645 Oracle Retail Service Backbone Install (Apache Log4j) Yes 9.8 14.0.x, 14.1.x, 15.0.x, 16.0.x
CVE-2017-5645 Oracle Retail Service Layer Installation (Apache Log4j) Yes 9.8 12.0.x, 13.0.x, 13.1.x, 13.2.x, 14.0.x
CVE-2017-5645 Oracle AutoVue VueLink Integration Installation Issues (Apache Log4j) Yes 9.8 21.0.0, 21.0.1
CVE-2017-5645 Oracle Utilities Network Management System Logging (Apache Log4j) Yes 9.8 1.12.x, 2.3.x
CVE-2017-5645 Oracle Utilities Work and Asset Management Logging (Apache Log4j) Yes 9.8 1.9.1.2.12

 

 

 

July 2018 – SAP Security Patch Day

According to Panorama Consulting, the average implementation costs for SAP and Oracle both increased while competitor implementation costs decreased. But regarding to cyber security, all the products do not have differences. Yes, it is do the patch management and update.

SAP Security Patch Day – July 2018

SAP businessobjects business intelligence suite :
CVE-2018-2432,CVE-2018-2427 and CVE-2018-2431

SAP gateway:
CVE-2018-2433

SAP internet graphics server :
CVE-2018-2437,CVE-2018-2439 and CVE-2018-2438

SAP netweaver :
CVE-2018-2435 and CVE-2018-2434

SAP r/3 enterprise retail :
CVE-2018-2436

Should you have interested, please see official hyperlink for reference.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

9th Jul 2018 – Total 329 ethereum tokens vulnerable for integer overflow

More ethereum tokens now involves into a bug and causes jeopardize the reputation. So called integer overflow, a design limitation allows the owner of the contract to set the balance of an arbitrary user to any value.

Reference resource (Hyperlink) – see below:

https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md

The status last week (9th July 2018) shown that there are total 329 ethereum tokens are vulnerable for integer overflow (refer Table A). A proof of concept let software developer know SafeMath is able to help (remediate the risk interger overflow vulnerability). I am not going to repeat the details again. For more, please refer below article for reference.

Integer overflow weakness similar kill the Ethereum. But SafeMath to protect from overflows.

 

 

Table A – vulnerability checklist

ethereum — ablgenesistoken The mintToken function of a smart contract implementation for ABLGenesisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13741
ethereum — airdroppercryptics_token The mintToken function of a smart contract implementation for AirdropperCryptics, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13623
ethereum — aluxtoken The mintToken function of a smart contract implementation for ALUXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13533
ethereum — aman_token The mintToken function of a smart contract implementation for aman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13515
ethereum — amtoken The mintToken function of a smart contract implementation for AMToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13600
ethereum — anovabace_token The mintToken function of a smart contract implementation for AnovaBace, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13737
ethereum — antoken The mintToken function of a smart contract implementation for Antoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13720
ethereum — app_token The mintToken function of a smart contract implementation for APP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13661
ethereum — appletoken The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13776
ethereum — archain_token The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13606
ethereum — archercoin_token The mintToken function of a smart contract implementation for archercoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13608
ethereum — azttoken The mintToken function of a smart contract implementation for AZTToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13734
ethereum — bcaas_token The mintToken function of a smart contract implementation for BCaaS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13665
ethereum — bcxss_token The mintToken function of a smart contract implementation for Bcxss, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13539
ethereum — betterthanadrien_token The mintToken function of a smart contract implementation for BetterThanAdrien, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13529
ethereum — beyondcashtoken The mintToken function of a smart contract implementation for BeyondCashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13471
ethereum — bgamecoin_token The mintToken function of a smart contract implementation for Bgamecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13551
ethereum — bgc_token The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13648
ethereum — bigcadvancedtoken The mintToken function of a smart contract implementation for BIGCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13759
ethereum — billionrewardstoken The mint function of a smart contract implementation for BillionRewardsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13660
ethereum — biqutoken The mintToken function of a smart contract implementation for BiquToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13764
ethereum — bitcoinagiletoken The mintToken function of a smart contract implementation for BitcoinAgileToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13485
ethereum — bitedutoken The mintToken function of a smart contract implementation for BiteduToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13719
ethereum — bitmaxertoken The mintToken function of a smart contract implementation for BitmaxerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13650
ethereum — bitpark_token The mintToken function of a smart contract implementation for Bitpark, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13638
ethereum — bitstarti_token The mintToken function of a smart contract implementation for Bitstarti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13774
ethereum — bitstore_token The mintToken function of a smart contract implementation for BitStore, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13595
ethereum — bmvcoin_token The mintToken function of a smart contract implementation for BMVCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13562
ethereum — bpstoken The mintToken function of a smart contract implementation for BpsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13715
ethereum — briancoin_token The mintToken function of a smart contract implementation for BrianCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13659
ethereum — briant2token The mintToken function of a smart contract implementation for Briant2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13603
ethereum — bsctoken The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13663
ethereum — btpcoin_token The mintToken function of a smart contract implementation for BTPCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13668
ethereum — buyertoken The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13470
ethereum — buytoken The mintToken function of a smart contract implementation for Order (ETH) (Contract Name: BuyToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13708
ethereum — c3_token The mintToken function of a smart contract implementation for C3 Token (C3), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13517
ethereum — captoz_token The mintToken function of a smart contract implementation for CAPTOZ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13617
ethereum — cardfactory_token The mintToken function of a smart contract implementation for CardFactory, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13594
ethereum — cardtoken The mintToken function of a smart contract implementation for CardToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13593
ethereum — carrot_token The mintToken function of a smart contract implementation for Carrot, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13491
ethereum — cartoken The mintToken function of a smart contract implementation for CarToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13748
ethereum — cavecoin_token The mintToken function of a smart contract implementation for Cavecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13468
ethereum — cbrtoken The mintToken function of a smart contract implementation for CBRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13484
ethereum — ccash_token The mintToken function of a smart contract implementation for CCASH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13546
ethereum — cdcurrency_token The mintToken function of a smart contract implementation for CDcurrency, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13611
ethereum — cerb_coin_token The mintToken function of a smart contract implementation for CERB_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13703
ethereum — cgctoken The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13778
ethereum — cherrycoin_token The mintToken function of a smart contract implementation for CHERRYCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13585
ethereum — cherrycoinfoundation_token The mintToken function of a smart contract implementation for CherryCoinFoundation, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13756
ethereum — cikkacoin_token The mintToken function of a smart contract implementation for CikkaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13637
ethereum — cjxtoken The mintToken function of a smart contract implementation for CJXToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13689
ethereum — cloutoken The mint function of a smart contract implementation for CloutToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13472
ethereum — cm_token The mintToken function of a smart contract implementation for CM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13714
ethereum — co2bit_token The mintToken function of a smart contract implementation for Co2Bit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13565
ethereum — cobtoken The mintToken function of a smart contract implementation for COBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13497
ethereum — code47_token The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13588
ethereum — coinquer_token The mintToken function of a smart contract implementation for Coinquer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13757
ethereum — combilladvancedtoken The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13674
ethereum — con0217_token The mintToken function of a smart contract implementation for CON0217, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13613
ethereum — coquinho_coin_token The mintToken function of a smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13550
ethereum — corellicoin_token The mintToken function of a smart contract implementation for CorelliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13511
ethereum — cornerstone_token The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13767
ethereum — cosmotokenerc20_token The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13556
ethereum — crimsonshilling_token The mintToken function of a smart contract implementation for CrimsonShilling, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13629
ethereum — crowdnext_token The mintToken function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13744
ethereum — crowdsale_token The mintToken function of a smart contract implementation for Crowdsale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13499
ethereum — crypto_alley_shares_token The mintToken function of a smart contract implementation for Crypto Alley Shares (CAST), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13488
ethereum — cryptoleu_token The mintToken function of a smart contract implementation for CryptoLeu, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13541
ethereum — cryptosistoken The mintToken function of a smart contract implementation for CryptosisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13754
ethereum — crystals_token The mintToken function of a smart contract implementation for Crystals, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13466
ethereum — csatoken The mintToken function of a smart contract implementation for CSAToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13609
ethereum — ctesale_token The mintToken function of a smart contract implementation for CTESale, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13477
ethereum — ctest7_token The mint function of a smart contract implementation for CTest7, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13695
ethereum — cws_token The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13664
ethereum — daddytoken The mintToken function of a smart contract implementation for DaddyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13493
ethereum — databits_token The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13711
ethereum — datashieldcoin_token The mintToken function of a smart contract implementation for DataShieldCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13574
ethereum — datiac_token The mintToken function of a smart contract implementation for Datiac, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13646
ethereum — dectoken The mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13587
ethereum — deploy_token The mintToken function of a smart contract implementation for Deploy, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13649
ethereum — destineed_token The mintToken function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13699
ethereum — deweisecurityservicetoken The mintToken function of a smart contract implementation for DeWeiSecurityServiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13753
ethereum — dhacoin_token The mintToken function of a smart contract implementation for DhaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13528
ethereum — digitalcloudtoken The mint function of a smart contract implementation for DigitalCloudToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13519
ethereum — dinsteincoin_token The mintToken function of a smart contract implementation for DinsteinCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13671
ethereum — dmptoken The mintToken function of a smart contract implementation for DMPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13478
ethereum — doccoin_token The mintToken function of a smart contract implementation for doccoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13631
ethereum — doccoinpreico_token The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13630
ethereum — dopnetwork_token The mintToken function of a smart contract implementation for dopnetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13739
ethereum — eastcoin_token The mintToken function of a smart contract implementation for Eastcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13727
ethereum — easticoin_token The mintToken function of a smart contract implementation for Easticoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13766
ethereum — ecogreenhouse_token The mintToken function of a smart contract implementation for ecogreenhouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13505
ethereum — eddtoken The mintToken function of a smart contract implementation for eddToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13704
ethereum — elearningcoinerc_token The mintToken function of a smart contract implementation for ELearningCoinERC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13736
ethereum — elevatecoin_token The mintToken function of a smart contract implementation for ElevateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13527
ethereum — enter_token The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13735
ethereum — entercoin_token The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13782
ethereum — epiphanycoin_token The mintToken function of a smart contract implementation for EpiphanyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13467
ethereum — erc20_ico_token The mintToken function of a smart contract implementation for ERC20_ICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13536
ethereum — eristicaico_token The mintToken function of a smart contract implementation for EristicaICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13666
ethereum — escut_token The mintToken function of a smart contract implementation for Escut (ESCT) (Contract Name: JuntsPerCreixer), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13576
ethereum — esh_token The mintToken function of a smart contract implementation for ESH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13780
ethereum — esportz_token The mintToken function of a smart contract implementation for esportz, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13514
ethereum — essence_token The mintToken function of a smart contract implementation for Essence, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13702
ethereum — eststoken The mintToken function of a smart contract implementation for ESTSToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13654
ethereum — eth033_token The mintToken function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13561
ethereum — ethercash_token The mintToken function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13482
ethereum — ethereumlegit_token The mintToken function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13537
ethereum — ethereumsmart_token The mintToken function of a smart contract implementation for EthereumSmart, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13640
ethereum — exacorecontract_token The mintToken function of a smart contract implementation for ExacoreContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13771
ethereum — exgroup_token The mintToken function of a smart contract implementation for EXGROUP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13522
ethereum — exsulcoin_token The mintToken function of a smart contract implementation for exsulcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13683
ethereum — extremetoken The mintToken function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13605
ethereum — fanschaintoken The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13474
ethereum — film_token The mintToken function of a smart contract implementation for FILM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13490
ethereum — finaltoken The mintToken function of a smart contract implementation for FinalToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13749
ethereum — fiocoin_token The mintToken function of a smart contract implementation for Fiocoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13645
ethereum — flow_token The mintToken function of a smart contract implementation for Flow, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13525
ethereum — forevercoin_token The mintToken function of a smart contract implementation for ForeverCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13579
ethereum — futurxe_token The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13718
ethereum — galacticx_token The mintToken function of a smart contract implementation for GalacticX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13601
ethereum — galaxycoin_token The mintToken function of a smart contract implementation for GalaxyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13578
ethereum — gatcoin_token The mintToken function of a smart contract implementation for GATcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13564
ethereum — gcrtokenerc210_token The mintToken function of a smart contract implementation for GCRTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13643
ethereum — gemstonetoken The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13543
ethereum — gfc_token The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13655
ethereum — gfcb_token The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13670
ethereum — globalsupergametoken The mintToken function of a smart contract implementation for GlobalSuperGameToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13725
ethereum — globecoin_token An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user’s balance. CVE-2018-14004
ethereum — gmile_token The mintToken function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13694
ethereum — goldtokenerc20_token The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13673
ethereum — gomineworld_token The mintToken function of a smart contract implementation for GoMineWorld, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13721
ethereum — goochain_token The mintToken function of a smart contract implementation for Goochain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13677
ethereum — goramcoin_token The mintToken function of a smart contract implementation for GoramCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13571
ethereum — greenenergytoken The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13693
ethereum — gsi_token The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13540
ethereum — hashshield_token The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13545
ethereum — hbcm_token The mintToken function of a smart contract implementation for HBCM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13635
ethereum — heliumnetwork_token The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13502
ethereum — help_token The mintToken function of a smart contract implementation for HELP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13486
ethereum — hey_token The mintToken function of a smart contract implementation for HEY, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13730
ethereum — hittoken The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13569
ethereum — hormitechtoken The mintToken function of a smart contract implementation for HormitechToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13717
ethereum — hrwtoken The mintToken function of a smart contract implementation for HRWtoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13501
ethereum — huntercoin_token The mintToken function of a smart contract implementation for HunterCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13530
ethereum — hyipcrowdsale1_token The mint function of a smart contract implementation for HYIPCrowdsale1, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13724
ethereum — hyiptoken The mint function of a smart contract implementation for HYIPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13722
ethereum — iamrich_token The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13509
ethereum — ico_dollar_token The mintToken function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13686
ethereum — icocontract_token The mintToken function of a smart contract implementation for IcoContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13469
ethereum — ideacoin_token The mintToken function of a smart contract implementation for IdeaCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13706
ethereum — instacocoa_token The mintToken function of a smart contract implementation for Instacocoa, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13690
ethereum — ioct_coin_token The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13616
ethereum — ipmcoin_token The mintToken function of a smart contract implementation for IPMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13700
ethereum — ipshoots_token The mintToken function of a smart contract implementation for ipshoots, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13653
ethereum — iseevoicetoken The mintToken function of a smart contract implementation for ISeeVoiceToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13726
ethereum — jaxbox_token The mintToken function of a smart contract implementation for JaxBox, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13555
ethereum — jeanstoken The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13769
ethereum — jiucaitoken The mintToken function of a smart contract implementation for JiucaiToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13783
ethereum — jixocoin_token The mintToken function of a smart contract implementation for JixoCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13728
ethereum — jpmd100b_token The mintToken function of a smart contract implementation for JPMD100B, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13729
ethereum — justwallet_token The mintToken function of a smart contract implementation for JustWallet, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13751
ethereum — kapaycoin_token The mintToken function of a smart contract implementation for KAPAYcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13498
ethereum — kapcoin_token The mintToken function of a smart contract implementation for KAPcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13591
ethereum — kbit_token The mintToken function of a smart contract implementation for kBit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13746
ethereum — kelvintoken The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13560
ethereum — kissme_token The mintToken function of a smart contract implementation for KissMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13701
ethereum — kktestcoin1_token The mint function of a smart contract implementation for kkTestCoin1 (KTC1), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13570
ethereum — kmctoken The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13495
ethereum — krown_token The mintlvlToken function of a smart contract implementation for Krown, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13625
ethereum — landcoin_token The mintToken function of a smart contract implementation for LandCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13765
ethereum — lexittoken The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13680
ethereum — lolicoin_token The mintToken function of a smart contract implementation for LoliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13758
ethereum — lottery_token The mintToken function of a smart contract implementation for Lottery, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13678
ethereum — malaysia_coins_token An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user’s balance. CVE-2018-14005
ethereum — malltoken The mintToken function of a smart contract implementation for MallToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13688
ethereum — martcoin_token The mintToken function of a smart contract implementation for Martcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13633
ethereum — mavcash_token The mintToken function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13614
ethereum — maxhouse_token The mintToken function of a smart contract implementation for MaxHouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13531
ethereum — mediacubetoken The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13634
ethereum — medicayunlink_token The mintToken function of a smart contract implementation for MedicayunLink, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13610
ethereum — mehditazitoken The mintToken function of a smart contract implementation for MehdiTAZIToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13692
ethereum — micoinnetworktoken The mintToken function of a smart contract implementation for MicoinNetworkToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13651
ethereum — micointoken The mintToken function of a smart contract implementation for MicoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13619
ethereum — micro_btc_token The mintToken function of a smart contract implementation for Micro BTC (MBTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13553
ethereum — mimicoin_token The mintToken function of a smart contract implementation for Mimicoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13548
ethereum — mindexcoin_token The mintToken function of a smart contract implementation for Mindexcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13532
ethereum — miningtoken The mint function of a smart contract implementation for MiningToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13602
ethereum — mjctoken The mintToken function of a smart contract implementation for MJCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13615
ethereum — mjolnir_token The mintToken function of a smart contract implementation for Mjolnir, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13710
ethereum — mkethtoken The mintToken function of a smart contract implementation for mkethToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13483
ethereum — mktcoin_token The mintToken function of a smart contract implementation for MktCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13568
ethereum — mmcoin_token The mintToken function of a smart contract implementation for MMCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13504
ethereum — momentumtoken The mintToken function of a smart contract implementation for MomentumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13628
ethereum — moneychainnet_token The mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13760
ethereum — moneytree_token The mintToken function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13554
ethereum — mooadvtoken The mintToken function of a smart contract implementation for MooAdvToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13589
ethereum — moontoken The mintToken function of a smart contract implementation for MoonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13462
ethereum — mp3_coin_token An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user’s balance. CVE-2018-14002
ethereum — msxadvanced_token The mintToken function of a smart contract implementation for MSXAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13500
ethereum — mvgcoin_token The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13641
ethereum — my2token The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13582
ethereum — myoffer_token The mintToken function of a smart contract implementation for MyOffer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13627
ethereum — myylc_token The mintToken function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13781
ethereum — naga_token The mintToken function of a smart contract implementation for naga, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13492
ethereum — ncu_token The mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13669
ethereum — nectar_token The mintToken function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13586
ethereum — neo_genesis_token An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user’s balance. CVE-2018-14006
ethereum — netkilleradvancedtokenairdrop_token The mintToken function of a smart contract implementation for NetkillerAdvancedTokenAirDrop, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13761
ethereum — netkillertoken The mintToken function of a smart contract implementation for Enterprise Token Ecosystem (ETE) (Contract Name: NetkillerToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13773
ethereum — neurotoken The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13549
ethereum — nexpara_token The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13632
ethereum — normikaivo_token The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13687
ethereum — numisma_token The mintToken function of a smart contract implementation for Numisma, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13544
ethereum — objecttoken The mintToken function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13622
ethereum — obtcoin_token The mintToken function of a smart contract implementation for OBTCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13672
ethereum — ohni_2_token The mintToken function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13473
ethereum — olliscoin_token The mintToken function of a smart contract implementation for OllisCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13489
ethereum — onechain_token The mintToken function of a smart contract implementation for OneChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13740
ethereum — orderbook_presale_token The mintToken function of a smart contract implementation for Orderbook Presale Token (OBP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13676
ethereum — otakutoken The mintToken function of a smart contract implementation for OTAKUToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13755
ethereum — paccoin_token The mintToken function of a smart contract implementation for PACCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13535
ethereum — paulycoin_token The mintToken function of a smart contract implementation for PaulyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13465
ethereum — pelocointoken The mintToken function of a smart contract implementation for PELOCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13738
ethereum — pgm_coin_token The mintToken function of a smart contract implementation for PGM_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13572
ethereum — philcoin_token The mintToken function of a smart contract implementation for PhilCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13476
ethereum — pinkytoken The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13521
ethereum — platotoken The mintToken function of a smart contract implementation for PlatoToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13487
ethereum — play2livepromo_token The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13698
ethereum — pmet_token The mintToken function of a smart contract implementation for PMET, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13712
ethereum — pmhtoken The mintToken function of a smart contract implementation for PMHToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13705
ethereum — porncoin_token The mintToken function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13524
ethereum — projectj_token The mintToken function of a smart contract implementation for ProjectJ, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13733
ethereum — providence_crypto_casino_token The mintToken function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13547
ethereum — providencecasino_token The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13580
ethereum — qrg_token The mintToken function of a smart contract implementation for QRG, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13480
ethereum — rajtest_token The mintToken function of a smart contract implementation for RajTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13592
ethereum — rajtestico_token The mintToken function of a smart contract implementation for RajTestICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13496
ethereum — rckt_coin_token The mintToken function of a smart contract implementation for RCKT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13775
ethereum — redticket_token The mintToken function of a smart contract implementation for RedTicket, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13696
ethereum — remicoin_token An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks. CVE-2018-12230
ethereum — residualshare_token The mintToken function of a smart contract implementation for ResidualShare, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13607
ethereum — residualvalue_token The mintToken function of a smart contract implementation for ResidualValue, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13599
ethereum — retntoken The mintToken function of a smart contract implementation for RETNToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13566
ethereum — rhovit_token The mintToken function of a smart contract implementation for rhovit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13558
ethereum — rice_token The mintToken function of a smart contract implementation for Rice, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13657
ethereum — richiumtoken The mintToken function of a smart contract implementation for RichiumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13750
ethereum — riptidecoin_token The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13732
ethereum — robincoin_token The mintToken function of a smart contract implementation for Robincoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13612
ethereum — robotbtc_token The mintToken function of a smart contract implementation for RobotBTC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13697
ethereum — rocket_coin_token An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user’s balance. CVE-2018-13836
ethereum — royalclassiccoin_token The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13644
ethereum — rrtoken The mintToken function of a smart contract implementation for RRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13777
ethereum — rtokenmain_token The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13691
ethereum — sample_token The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13656
ethereum — sdr22_token The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13506
ethereum — sdr_token The mintToken function of a smart contract implementation for SDR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13567
ethereum — secoin_token The mintToken function of a smart contract implementation for SECoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13642
ethereum — semaintoken The mintToken function of a smart contract implementation for SemainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13626
ethereum — sendme_token The mintToken function of a smart contract implementation for SendMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13598
ethereum — sexhdsolo_token The mintToken function of a smart contract implementation for sexhdsolo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13716
ethereum — sharktech_token An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user’s balance. CVE-2018-14001
ethereum — shitcoin_token The mintToken function of a smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13577
ethereum — shmoo_token The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13583
ethereum — sipcoin_token The mintToken function of a smart contract implementation for SIPCOIN, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13590
ethereum — sipctoken The mintToken function of a smart contract implementation for SIPCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13538
ethereum — slcadvancedtoken The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13507
ethereum — slidebitstoken The mintToken function of a smart contract implementation for SlidebitsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13479
ethereum — smart_contract_implementation_for_tickets_token The mintToken function of a smart contract implementation for tickets (TKT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13742
ethereum — smarthomecoin_token The mintToken function of a smart contract implementation for SmartHomeCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13512
ethereum — smartpayment_token The mintToken function of a smart contract implementation for SmartPayment, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13523
ethereum — soscoin_token The mintToken function of a smart contract implementation for SOSCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13681
ethereum — soundtribetoken The mintToken function of a smart contract implementation for SoundTribeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13621
ethereum — south_park_token The mintToken function of a smart contract implementation for South Park Token Token (SPTKN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13503
ethereum — speedcashlite_token The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13534
ethereum — stctoken The mintToken function of a smart contract implementation for STCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13745
ethereum — super_cool_awesome_money_token The mintToken function of a smart contract implementation for Super Cool Awesome Money (SCAM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13516
ethereum — superenergy_token The mintToken function of a smart contract implementation for SuperEnergy (SEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13743
ethereum — susantokenerc20_token The mintToken function of a smart contract implementation for SusanTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13494
ethereum — t-swap-token The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13463
ethereum — t_swap_token The mintToken function of a smart contract implementation for t_swap, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13464
ethereum — tcash_token The mintToken function of a smart contract implementation for TCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13518
ethereum — testahihi_token The mintToken function of a smart contract implementation for TESTAhihi, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13596
ethereum — testcoin_token The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13597
ethereum — theflashtoken The mintToken function of a smart contract implementation for TheFlashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13772
ethereum — thegodgital_token The mintToken function of a smart contract implementation for TheGoDgital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13658
ethereum — thegodigital_token The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13652
ethereum — thread_token The mintToken function of a smart contract implementation for Thread, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13752
ethereum — tokenmachu_token The mintToken function of a smart contract implementation for TokenMACHU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13731
ethereum — topscoinadvanced_token The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13520
ethereum — trabet_coin_preico_token The mintToken function of a smart contract implementation for Trabet_Coin_PreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13552
ethereum — trabet_coin_token The mintToken function of a smart contract implementation for Trabet_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13557
ethereum — tradesman_token The mintToken function of a smart contract implementation for Tradesman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13713
ethereum — travelcoin_token The mintToken function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13581
ethereum — tripcash_token The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13620
ethereum — trippay_token The mintToken function of a smart contract implementation for TripPay, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13573
ethereum — trium_token The mintToken function of a smart contract implementation for TRIUM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13481
ethereum — truegoldcointoken The mintToken function of a smart contract implementation for TrueGoldCoinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13647
ethereum — tube_token The mintToken function of a smart contract implementation for Tube, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13709
ethereum — turdcoin_token The mintToken function of a smart contract implementation for TurdCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13636
ethereum — ubiou_token The mintToken function of a smart contract implementation for Ubiou, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13513
ethereum — ublasti_token The mintToken function of a smart contract implementation for Ublasti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13763
ethereum — ultimatecoin_token The mintToken function of a smart contract implementation for UltimateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13770
ethereum — upaytoken The mintToken function of a smart contract implementation for UPayToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13563
ethereum — utbtokentest_token The mintToken function of a smart contract implementation for UTBTokenTest, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13667
ethereum — utct_token The mintToken function of a smart contract implementation for UTCT, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13559
ethereum — vanminhcoin_token The mintToken function of a smart contract implementation for VanMinhCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13747
ethereum — vicetoken_ico_is_a_scam_token The mintToken function of a smart contract implementation for VICETOKEN_ICO_IS_A_SCAM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13618
ethereum — virtual_energy_units_token The mintToken function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13639
ethereum — vitemoneycoin_token The mintToken function of a smart contract implementation for ViteMoneyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13682
ethereum — vittoken The mintToken function of a smart contract implementation for VITToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13508
ethereum — vornox_token The mintToken function of a smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13685
ethereum — vsctoken The mintToken function of a smart contract implementation for VSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13475
ethereum — wangwangtoken The mintToken function of a smart contract implementation for WangWangToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13526
ethereum — welfare_token_fund_token The mintToken function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13510
ethereum — wellieat_token The mintToken function of a smart contract implementation for wellieat, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13604
ethereum — wemediachain_token An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user’s balance. CVE-2018-14003
ethereum — worldopctionchain_token The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13662
ethereum — wxsltoken The mintToken function of a smart contract implementation for WXSLToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13624
ethereum — yambyo_token The mintToken function of a smart contract implementation for YAMBYO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13675
ethereum — yasudem_token The mintToken function of a smart contract implementation for yasudem, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13584
ethereum — yestoken The mintToken function of a smart contract implementation for YESToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13575
ethereum — ylctoken The mintToken function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13779
ethereum — yss_token The mintToken function of a smart contract implementation for YSS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13707
ethereum — yumerium_token The mintToken function of a smart contract implementation for Yumerium, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13762
ethereum — zibtoken The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13542
ethereum — zip_token The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13684
ethereum — zpecoin_token The mintToken function of a smart contract implementation for ZPEcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13679
ethereum — ztoken The mintToken function of a smart contract implementation for ZToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13768

 

 

 

 

Node.js hits arbitrary command injection (CVE-2018-13797)

Node.js framework become popular today. Node.js can build the application on ethereum (cryptocurrency). Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient. Node.js’ package ecosystem, npm, is the largest ecosystem of open source libraries in the world.

Meanwhile, npm is a package manager for the JavaScript programming language. It is the default package manager for the JavaScript runtime environment Node.js. Software developers must stay alert on CVE-2018-13797. Should you have interested, please refer below:

Fixes arbitrary command injection by using execFile instead of exec:

https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332

https://github.com/scravy/node-macaddress/pull/20/

Jul 2018 – Siemens Security Advisory by Siemens ProductCERT

Selective Availability (SA) was an intentional degradation of public GPS signals implemented for national security reasons. In May 2000, at the direction of President Bill Clinton, the U.S government discontinued its use of Selective Availability in order to make GPS more responsive to civil and commercial users worldwide. And therefore the GPS open to public usage. Measuring distance from a satellite define by the following:

  1. Velocity x time = distance
  2. Three perfect measurements can locate a point in 3-dimensional space, means synchorning the satellite and receiver are based on perfect timing (clock). A major element in GPS system.

But security vulnerabilities occurs on the timing machine. Official announcement shown as below:

Siemens Security Advisory by Siemens ProductCERT SSA-197012: Vulnerabilities in SICLOCK central plant clocks: https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf

Jul 2018 – The IoT P2P (Peer to Peer) design flaw let passwords of over 30,000 devices exposed in search engine

The P2P (Peer to Peer) function is common function for the operation support for Internet of things devices. It aim to simplify the operation and increasing flexibility. We now focusing on data personal privacy but the fundamental of user friendly functions looks contained contradiction with secure operation. The firm (NewSky security) found password for tens of thousands of Dahua devices cached in the IoT search engine. In the meantime the hardware manufacturer not provides any responses in regard to this incident. Stay tuned! And see whether what is the reply by hardware vendor.

Should you have interested to know the details, please refer to attached diagram and url for references.

Passwords for tens of thousands of Dahua devices cached in the IoT search engine – https://amazingreveal.com/2018/07/15/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-the-iot-search-engine/

Official Announcement/Notice – https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice

Vulnerability found recently

22nd May 2018: Security Advisory – Privilege escalation vulnerability found in some Dahua IP products

 

New version of black energy cyber attack target Microsoft OLE product design weakness

Ukrainian intel agency has claimed it stopped a cyber attack against a chlorine plant that was launched using the notorious VPNFilter malware. Perhaps the world focusing VPN filter malware spreading and infection. We known earlier last month that such attack targets are the low end wireless router and network access storage (NAS).

However, from my point of view is that the main stream of the cyber attack so far happening not limit to this incident. The fact is that lure the attacker interest to do the re-engineering of their attacks seems maintain on Microsoft office product. What is the key component? Yes, it is OLE objective linking and embedding. Or you may say, if I am following Microsoft patch Tue remediation schedule it will be safe. It looks correct. But normal RTF file, it was able to avoid detection by many security products. And therefore attacker conduct similar hacking technology to execute cyber attack in Ukrainian. The political situation of Ukrainian given a never ending story. Meanwhile the world never without using MS office document!

Reference:

Headlines news – Ukraine claims it blocked VPNFilter attack at chemical plant : https://www.theregister.co.uk/2018/07/13/ukraine_vpnfilter_attack/

My speculation on how Cisco (Talos) found the malware (VPNFilter malware)

My speculation on how Cisco (Talos) found the malware (VPNFilter malware).

 

12th Jul 2018 – ISC Kea 1.4.0 failure to release memory may exhaust system resources

CVE-2018-5739: ISC Kea 1.4.0 failure to release memory may exhaust system resources

Hook/Hook Point – used interchageably, this is a point in the code at which a call to user functions is made. Each hook has a name and each hook can have any number (including 0) of user functions attached to it. Store leases and host reservations in a MySQL, PostgreSQL or Cassandra database rather than a text file.

official document for reference: https://kb.isc.org/article/AA-01626