Live-Hack-CVE/CVE-2022-32570 Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-17 05:43:16 +0000 UTC Push: 2023-02-17 05:43:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-26840 Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-17 05:43:13 +0000 UTC Push: 2023-02-17 05:43:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-25905 Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-17 05:43:09 +0000 UTC Push: 2023-02-17 05:43:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-30530 Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-17 05:43:04 +0000 UTC Push: 2023-02-17 05:43:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-26841 Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. CVE project by @Sn0wAlice Create: 2023-02-17 05:43:00 +0000 UTC Push: 2023-02-17 05:43:01 +0000 UTC |

Live-Hack-CVE/CVE-2022-40080 Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges. CVE project by @Sn0wAlice Create: 2023-02-17 05:42:57 +0000 UTC Push: 2023-02-17 05:42:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-26076 Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-17 05:42:53 +0000 UTC Push: 2023-02-17 05:42:55 +0000 UTC |

Live-Hack-CVE/CVE-2023-0745 Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Managed (PlatformReplicationManager.Java modules) allows Path Traversal. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects Yugabyte Managed: from 2.0 through 2.13. CVE project by @Sn0wAlice Create: 2023-02-17 05:42:46 +0000 UTC Push: 2023-02-17 05:42:48 +0000 UTC |

Live-Hack-CVE/CVE-2023-0771 SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop. CVE project by @Sn0wAlice Create: 2023-02-17 03:31:09 +0000 UTC Push: 2023-02-17 03:31:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-3568 The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action CVE project by @Sn0wAlice Create: 2023-02-17 03:31:05 +0000 UTC Push: 2023-02-17 03:31:08 +0000 UTC |

Live-Hack-CVE/CVE-2022-1722 SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses CVE project by @Sn0wAlice Create: 2023-02-17 03:31:02 +0000 UTC Push: 2023-02-17 03:31:04 +0000 UTC |

Live-Hack-CVE/CVE-2022-1721 Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. CVE project by @Sn0wAlice Create: 2023-02-17 03:30:58 +0000 UTC Push: 2023-02-17 03:31:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-1713 SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. CVE project by @Sn0wAlice Create: 2023-02-17 03:30:54 +0000 UTC Push: 2023-02-17 03:30:57 +0000 UTC |

Live-Hack-CVE/CVE-2022-1727 Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. CVE project by @Sn0wAlice Create: 2023-02-17 03:30:51 +0000 UTC Push: 2023-02-17 03:30:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-1767 Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. CVE project by @Sn0wAlice Create: 2023-02-17 03:30:47 +0000 UTC Push: 2023-02-17 03:30:49 +0000 UTC |

Live-Hack-CVE/CVE-2022-1774 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. CVE project by @Sn0wAlice Create: 2023-02-17 03:30:43 +0000 UTC Push: 2023-02-17 03:30:46 +0000 UTC |

Live-Hack-CVE/CVE-2015-10076 A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is CVE project by @Sn0wAlice Create: 2023-02-17 03:30:40 +0000 UTC Push: 2023-02-17 03:30:42 +0000 UTC |

Live-Hack-CVE/CVE-2023-24483 A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. CVE project by @Sn0wAlice Create: 2023-02-17 03:30:36 +0000 UTC Push: 2023-02-17 03:30:38 +0000 UTC |

Live-Hack-CVE/CVE-2023-23936 Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici. CVE project by @Sn0wAlice Create: 2023-02-17 03:30:33 +0000 UTC Push: 2023-02-17 03:30:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-24807 Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values CVE project by @Sn0wAlice Create: 2023-02-17 03:30:29 +0000 UTC Push: 2023-02-17 03:30:31 +0000 UTC |