EUVD-2022-36026

Malicious code in bioql PyPI...

CVE-2024-53961

CVE-2024-53961 affects Adobe ColdFusion 2023.11, 2021.17 and earlier, due to an improper limitation of a pathname to a restricted directory (path traversal) that can lead to arbitrary file-system reads. Impact per sources: potential disclosure of sensitive files or data outside the intended direc...

Hardcoded credentials

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...

Stack overflow

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipula...

Double free

HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service...

Stack overflow

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate...

CVE-2022-32961

CVE-2022-32961 concerns HICOS’ client-side citizen digital certificate component, which has a stack-based buffer overflow when reading an IC card due to insufficient validation of token information parameter length. The vulnerability can be exploited by an unauthenticated, physical attacker to ex...

PT-2022-21608 · Hicos · Hicos

Name of the Vulnerable Software and Affected Versions: HiCOS client-side citizen digital certificate component affected versions not specified Description: The issue is a stack-based buffer overflow vulnerability in the client-side citizen digital certificate component when reading an IC card, du...

SAP Adaptive Server Enterprise Information Disclosure Vulnerability (CNVD-2020-29753)

SAP Adaptive Server Enterprise is a relational database server from SAP. An information disclosure vulnerability exists in SAP Adaptive Server Enterprise. An attacker could exploit this vulnerability to obtain account credentials, manipulate system data, and impact system availability...

CVE-2019-8159

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute aribitrary code through arbitrary file deletion and OS command injection...