Search Results (363290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-32988 1 Asus 2 Dsl-n14u-b1, Dsl-n14u-b1 Firmware 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp.
CVE-2022-32987 1 Simple Bakery Shop Management System Project 1 Simple Bakery Shop Management System 2024-11-21 4.8 Medium
Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields.
CVE-2022-32985 1 Nexans 26 Gigaswitch 641 Desk V5 Sfp-vi, Gigaswitch 641 Desk V5 Sfp-vi Firmware, Gigaswitch 642 Desk V5 Sfp-2vi and 23 more 2024-11-21 9.8 Critical
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.
CVE-2022-32983 1 Nic 1 Knot Resolver 2024-11-21 5.3 Medium
Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.
CVE-2022-32981 1 Linux 1 Linux Kernel 2024-11-21 7.8 High
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.
CVE-2022-32978 1 Jpeg 1 Libjpeg 2024-11-21 6.5 Medium
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.
CVE-2022-32974 1 Tenable 1 Nessus 2024-11-21 6.5 Medium
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
CVE-2022-32973 1 Tenable 1 Nessus 2024-11-21 8.8 High
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
CVE-2022-32969 1 Metamask 1 Metamask 2024-11-21 5.9 Medium
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue.
CVE-2022-32965 1 Omicard Edm Project 1 Omicard Edm 2024-11-21 9.8 Critical
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.
CVE-2022-32964 1 Omicard Edm Project 1 Omicard Edm 2024-11-21 9.8 Critical
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
CVE-2022-32963 1 Omicard Edm Project 1 Omicard Edm 2024-11-21 7.5 High
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.
CVE-2022-32962 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 6.8 Medium
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32961 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 6.8 Medium
HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32960 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 6.8 Medium
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32959 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 6.8 Medium
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32958 1 Teamplus 1 Team\+ Pro 2024-11-21 7.7 High
A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.
CVE-2022-32920 1 Apple 1 Xcode 2024-11-21 5.5 Medium
The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information.
CVE-2022-32897 1 Apple 1 Macos 2024-11-21 7.8 High
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.
CVE-2022-32876 1 Apple 1 Macos 2024-11-21 3.3 Low
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication.