Live-Hack-CVE/CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:17 +0000 UTC Push: 2023-02-18 01:47:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-45699 Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:13 +0000 UTC Push: 2023-02-18 01:47:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-48301 The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. CVE project by @Sn0wAlice Create: 2023-02-17 23:37:11 +0000 UTC Push: 2023-02-17 23:37:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-48296 The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. CVE project by @Sn0wAlice Create: 2023-02-17 23:37:08 +0000 UTC Push: 2023-02-17 23:37:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-0575 External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with CVE project by @Sn0wAlice Create: 2023-02-17 23:37:04 +0000 UTC Push: 2023-02-17 23:37:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-48295 The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). CVE project by @Sn0wAlice Create: 2023-02-17 23:37:00 +0000 UTC Push: 2023-02-17 23:37:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-48294 The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:54 +0000 UTC Push: 2023-02-17 23:36:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-40032 SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:50 +0000 UTC Push: 2023-02-17 23:36:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-32972 Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:46 +0000 UTC Push: 2023-02-17 23:36:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-23586 Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a ti CVE project by @Sn0wAlice Create: 2023-02-17 23:36:42 +0000 UTC Push: 2023-02-17 23:36:45 +0000 UTC |

Live-Hack-CVE/CVE-2022-40347 SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:38 +0000 UTC Push: 2023-02-17 23:36:41 +0000 UTC |

Live-Hack-CVE/CVE-2023-21419 An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:34 +0000 UTC Push: 2023-02-17 23:36:37 +0000 UTC |

Live-Hack-CVE/CVE-2023-21434 Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:30 +0000 UTC Push: 2023-02-17 23:36:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-37340 Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-17 21:23:22 +0000 UTC Push: 2023-02-17 21:23:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-36416 Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-17 21:23:18 +0000 UTC Push: 2023-02-17 21:23:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-36382 Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access. CVE project by @Sn0wAlice Create: 2023-02-17 21:23:14 +0000 UTC Push: 2023-02-17 21:23:16 +0000 UTC |

Live-Hack-CVE/CVE-2022-35883 NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. CVE project by @Sn0wAlice Create: 2023-02-17 21:23:10 +0000 UTC Push: 2023-02-17 21:23:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-36289 Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. CVE project by @Sn0wAlice Create: 2023-02-17 21:23:06 +0000 UTC Push: 2023-02-17 21:23:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-36287 Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access. CVE project by @Sn0wAlice Create: 2023-02-17 21:23:03 +0000 UTC Push: 2023-02-17 21:23:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-34346 Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-17 21:22:59 +0000 UTC Push: 2023-02-17 21:23:02 +0000 UTC |