682 matches found

NVD
added 2022/07/20 2:15 a.m. | 8 views

CVE-2022-32961

HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code,...

CVSS 6.8 | EPSS 0.0007
Exploits: 0 | References: 1
NVD
added 2022/07/20 2:15 a.m. | 9 views

CVE-2022-32960

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate...

CVSS 6.8 | EPSS 0.00183
Exploits: 0 | References: 1
Prion
added 2022/07/20 2:15 a.m. | 16 views

Stack overflow

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipula...

CVSS 4.6 | AI score 7.1 | EPSS 0.0007
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2022/07/20 2:15 a.m. | 20 views

Double free

HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service...

CVSS 4.6 | AI score 6.9 | EPSS 0.00071
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2022/07/20 2:15 a.m. | 24 views

Stack overflow

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate...

CVSS 4.6 | AI score 7.1 | EPSS 0.00183
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/07/20 2:3 a.m. | 14 views

CVE-2022-32961 HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow

HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code,...

CVSS 6.8 | AI score 7.2 | EPSS 0.0007
Exploits: 0 | References: 1
CVE
added 2022/07/20 2:3 a.m. | 61 views

CVE-2022-32961

CVE-2022-32961 concerns HICOS’ client-side citizen digital certificate component, which has a stack-based buffer overflow when reading an IC card due to insufficient validation of token information parameter length. The vulnerability can be exploited by an unauthenticated, physical attacker to ex...

CVSS 6.8 | AI score 7 | EPSS 0.0007
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2022/07/20 2:2 a.m. | 60 views

CVE-2022-32960

CVE-2022-32960 affects the HiCOS client-side citizen digital certificate component. The vulnerability is a stack-based buffer overflow caused by insufficient validation of the card number parameter when reading an IC card. An unauthenticated physical attacker can exploit this to execute arbitrary...

CVSS 6.8 | AI score 7 | EPSS 0.00183
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2022/07/20 2:2 a.m. | 57 views

CVE-2022-32959

The CVE-2022-32959 entry concerns HiCOS’ client-side citizen digital certificate component, which is vulnerable to a stack-based buffer overflow when reading IC card data due to insufficient validation of OS information parameter length. The impact described in the sources is arbitrary code execu...

CVSS 6.8 | AI score 7 | EPSS 0.0007
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/07/20 2:2 a.m. | 17 views

CVE-2022-32959 HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipula...

CVSS 6.8 | AI score 7.2 | EPSS 0.0007
Exploits: 0 | References: 1
NCSC
added 2022/07/20 12:0 a.m. | 33 views

Vulnerabilities fixed in Oracle Database Server

Oracle has fixed vulnerabilities in the following products: Oracle Database Server; Oracle Database - Enterprise Edition RDBMS Security; Oracle Spatial and Graph; Oracle Universal Installer; Oracle Application Express; Oracle SQLcl. The vulnerabilities potentially enable a malicious party to perform...

CVSS 9.8 | AI score 6.3 | EPSS 0.31104
Exploits: 4
Positive Technologies
added 2022/07/20 12:0 a.m. | 4 views

PT-2022-21608 · Hicos · Hicos

Name of the Vulnerable Software and Affected Versions: HiCOS client-side citizen digital certificate component (affected versions not specified). Description: The issue is a stack-based buffer overflow vulnerability in the client-side citizen digital certificate component when reading an IC card, du...

CVSS 6.8 | AI score 6.8 | EPSS 0.00183
Exploits: 0 | References: 5
NCSC
added 2022/07/15 12:0 a.m. | 9 views

Vulnerabilities fixed in Juniper Junos Space

Vulnerabilities have been fixed in Junos Space Platform. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Bypassing authentication; Accessing sensitive data; Accessing syste...

CVSS 8.5 | AI score 6.8 | EPSS 0.73166
Exploits: 17
NCSC
added 2022/07/12 12:0 a.m. | 12 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Remote code execution (Administrator/Root rights); Remote code execution (User rights)...

CVSS 8.8 | AI score 6.8 | EPSS 0.5958
Exploits: 6
NCSC
added 2022/07/07 12:0 a.m. | 7 views

Vulnerabilities fixed in IBM Tivoli Netcool Impact

Vulnerabilities have been fixed in IBM Tivoli Netcool Impact. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Spoofing; Accessing sensitive data; Accessing...

CVSS 10 | AI score 7.1 | EPSS 0.93788
Exploits: 21
NCSC
added 2022/07/06 12:0 a.m. | 4 views

Vulnerabilities fixed in Red Hat Satellite

Vulnerabilities have been fixed in Red Hat Satellite. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Cross-Site Scripting (XSS); Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User Rights); Access to...

CVSS 9.8 | AI score 6.8 | EPSS 0.139
Exploits: 14
Prion
added 2022/07/05 4:15 p.m. | 53 views

SQL injection

SQL Injection vulnerability in User Stats interface /vicidial/userstats.php of VICIdial via the filedownload parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and beco...

CVSS 9 | AI score 8.8 | EPSS 0.56683
Exploits: 1 | References: 2 | Affected Software: 1
NCSC
added 2022/06/30 12:0 a.m. | 33 views

Vulnerabilities fixed in IBM Spectrum Protect

IBM has fixed vulnerabilities in several components of Spectrum Protect. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution (User rights); Access to...

CVSS 9.8 | AI score 7.5 | EPSS 0.80825
Exploits: 134
NCSC
added 2022/06/10 12:0 a.m. | 5 views

Vulnerabilities fixed in Apache HTTP Server

Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Access to system data. Apache has released...

CVSS 9.8 | AI score 7 | EPSS 0.32376
Exploits: 2
Veracode
added 2022/06/09 5:34 a.m. | 20 views

Path Traversal

github.com/gogs/gogs is vulnerable to path traversal. The vulnerability exists in the HTTP function in http.go due to a lack of input validation, which allows a malicious user to craft an HTTP request and gain access to unauthorized system data...

CVSS 8.1 | AI score 7.8 | EPSS 0.00582
Exploits: 1 | References: 5 | Affected Software: 1