Search Results (364396 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-32965 1 Omicard Edm Project 1 Omicard Edm 2024-11-21 9.8 Critical
OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service.
CVE-2022-32964 1 Omicard Edm Project 1 Omicard Edm 2024-11-21 9.8 Critical
OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, delete database or disrupt service.
CVE-2022-32963 1 Omicard Edm Project 1 Omicard Edm 2024-11-21 7.5 High
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.
CVE-2022-32962 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 6.8 Medium
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32961 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 6.8 Medium
HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32960 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 6.8 Medium
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32959 1 Hinet 1 Hicos Natural Person Credential Component Client 2024-11-21 6.8 Medium
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
CVE-2022-32958 1 Teamplus 1 Team\+ Pro 2024-11-21 7.7 High
A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process.
CVE-2022-32920 1 Apple 1 Xcode 2024-11-21 5.5 Medium
The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information.
CVE-2022-32897 1 Apple 1 Macos 2024-11-21 7.8 High
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.
CVE-2022-32876 1 Apple 1 Macos 2024-11-21 3.3 Low
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication.
CVE-2022-32868 1 Apple 3 Ipados, Iphone Os, Safari 2024-11-21 4.3 Medium
A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions.
CVE-2022-32864 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 5.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory.
CVE-2022-32863 1 Apple 2 Macos, Safari 2024-11-21 9.8 Critical
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-32854 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-11-21 5.5 Medium
This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.
CVE-2022-32795 1 Apple 2 Ipados, Iphone Os 2024-11-21 4.3 Medium
This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. Visiting a malicious website may lead to address bar spoofing.
CVE-2022-32776 1 Wpadvancedads 1 Advanced Ads - Ad Manager \& Adsense 2024-11-21 4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Advanced Ads GmbH Advanced Ads – Ad Manager & AdSense plugin <= 1.31.1 on WordPress.
CVE-2022-32759 1 Ibm 4 Security Directory Integrator, Security Directory Server, Security Verify Access and 1 more 2024-11-21 5.3 Medium
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565.
CVE-2022-32756 1 Ibm 1 Security Verify Directory 2024-11-21 2.7 Low
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.
CVE-2022-32755 1 Ibm 3 Security Directory Server, Security Directory Suite, Security Verify Directory 2024-11-21 5.5 Medium
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.