Live-Hack-CVE/CVE-2021-21781 An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at CVE project by @Sn0wAlice Create: 2023-02-03 23:30:07 +0000 UTC Push: 2023-02-03 23:30:10 +0000 UTC |

Live-Hack-CVE/CVE-2019-4210 IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986. CVE project by @Sn0wAlice Create: 2023-02-03 23:30:03 +0000 UTC Push: 2023-02-03 23:30:05 +0000 UTC |

Live-Hack-CVE/CVE-2019-7307 Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause CVE project by @Sn0wAlice Create: 2023-02-03 23:29:59 +0000 UTC Push: 2023-02-03 23:30:02 +0000 UTC |

Live-Hack-CVE/CVE-2020-15803 Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. CVE project by @Sn0wAlice Create: 2023-02-03 23:29:55 +0000 UTC Push: 2023-02-03 23:29:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-24425 Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. CVE project by @Sn0wAlice Create: 2023-02-03 23:29:52 +0000 UTC Push: 2023-02-03 23:29:54 +0000 UTC |

Live-Hack-CVE/CVE-2023-24426 Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. CVE project by @Sn0wAlice Create: 2023-02-03 23:29:48 +0000 UTC Push: 2023-02-03 23:29:50 +0000 UTC |

Live-Hack-CVE/CVE-2019-4207 IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148. CVE project by @Sn0wAlice Create: 2023-02-03 23:29:42 +0000 UTC Push: 2023-02-03 23:29:44 +0000 UTC |

Live-Hack-CVE/CVE-2019-4238 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464. CVE project by @Sn0wAlice Create: 2023-02-03 23:29:38 +0000 UTC Push: 2023-02-03 23:29:41 +0000 UTC |

Live-Hack-CVE/CVE-2019-4220 IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229. CVE project by @Sn0wAlice Create: 2023-02-03 23:29:34 +0000 UTC Push: 2023-02-03 23:29:37 +0000 UTC |

Live-Hack-CVE/CVE-2019-4208 IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129. CVE project by @Sn0wAlice Create: 2023-02-03 23:29:31 +0000 UTC Push: 2023-02-03 23:29:33 +0000 UTC |

Live-Hack-CVE/CVE-2020-4788 IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. CVE project by @Sn0wAlice Create: 2023-02-03 23:29:23 +0000 UTC Push: 2023-02-03 23:29:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-0549 A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initia CVE project by @Sn0wAlice Create: 2023-02-03 21:16:28 +0000 UTC Push: 2023-02-03 21:16:30 +0000 UTC |

Live-Hack-CVE/CVE-2023-25139 sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buf CVE project by @Sn0wAlice Create: 2023-02-03 20:07:56 +0000 UTC Push: 2023-02-03 20:07:57 +0000 UTC |

Live-Hack-CVE/CVE-2023-25136 OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not CVE project by @Sn0wAlice Create: 2023-02-03 20:07:52 +0000 UTC Push: 2023-02-03 20:07:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-48074 An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. CVE project by @Sn0wAlice Create: 2023-02-03 20:07:48 +0000 UTC Push: 2023-02-03 20:07:51 +0000 UTC |

Live-Hack-CVE/CVE-2023-23130 ** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during tr CVE project by @Sn0wAlice Create: 2023-02-03 20:07:44 +0000 UTC Push: 2023-02-03 20:07:47 +0000 UTC |

Live-Hack-CVE/CVE-2023-23126 ** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack. CVE project by @Sn0wAlice Create: 2023-02-03 20:07:40 +0000 UTC Push: 2023-02-03 20:07:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-2327 io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the CVE project by @Sn0wAlice Create: 2023-02-03 20:07:36 +0000 UTC Push: 2023-02-03 20:07:38 +0000 UTC |

Ashifcoder/CVE-2022-44268-automated-poc An information disclosure vulnerability that could be exploited to read arbitrary files from a server when parsing an image in Image Magic. Create: 2023-02-03 19:33:27 +0000 UTC Push: 2023-02-03 19:33:28 +0000 UTC |

SpiralBL0CK/CVE-2022-31144 CVE-2022-31144 dos pt redis, not finished yet or too soon, this can be turned into rce but oh well if you smart enough Create: 2023-02-03 16:40:38 +0000 UTC Push: 2023-02-03 16:40:38 +0000 UTC |