timpen432/-Wh0Am1001-CVE-2023-21753 Create: 2023-02-14 12:43:39 +0000 UTC Push: 2023-02-17 11:43:16 +0000 UTC |

zwlsix/KeePass-CVE-2023-24055 KeePass CVE-2023-24055复现 Create: 2023-02-14 12:01:20 +0000 UTC Push: 2023-02-14 12:01:20 +0000 UTC |

Live-Hack-CVE/CVE-2023-0804 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:44 +0000 UTC Push: 2023-02-14 09:52:47 +0000 UTC |

Live-Hack-CVE/CVE-2023-0803 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:40 +0000 UTC Push: 2023-02-14 09:52:43 +0000 UTC |

Live-Hack-CVE/CVE-2023-0802 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:37 +0000 UTC Push: 2023-02-14 09:52:39 +0000 UTC |

Live-Hack-CVE/CVE-2023-0801 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:33 +0000 UTC Push: 2023-02-14 09:52:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-0800 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:29 +0000 UTC Push: 2023-02-14 09:52:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-0799 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:25 +0000 UTC Push: 2023-02-14 09:52:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-0798 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:22 +0000 UTC Push: 2023-02-14 09:52:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-0797 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:18 +0000 UTC Push: 2023-02-14 09:52:21 +0000 UTC |

Live-Hack-CVE/CVE-2023-0796 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:15 +0000 UTC Push: 2023-02-14 09:52:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-0795 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:11 +0000 UTC Push: 2023-02-14 09:52:14 +0000 UTC |

Live-Hack-CVE/CVE-2023-0518 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:08 +0000 UTC Push: 2023-02-14 09:52:10 +0000 UTC |

Live-Hack-CVE/CVE-2022-4138 A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. CVE project by @Sn0wAlice Create: 2023-02-14 09:52:04 +0000 UTC Push: 2023-02-14 09:52:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-3759 An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq CVE project by @Sn0wAlice Create: 2023-02-14 09:52:00 +0000 UTC Push: 2023-02-14 09:52:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-3411 A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. CVE project by @Sn0wAlice Create: 2023-02-14 09:51:55 +0000 UTC Push: 2023-02-14 09:51:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-0776 Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been test CVE project by @Sn0wAlice Create: 2023-02-14 07:42:07 +0000 UTC Push: 2023-02-14 07:42:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-25572 react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField> CVE project by @Sn0wAlice Create: 2023-02-14 07:42:03 +0000 UTC Push: 2023-02-14 07:42:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-25241 bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. CVE project by @Sn0wAlice Create: 2023-02-14 07:41:59 +0000 UTC Push: 2023-02-14 07:42:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-25240 An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-02-14 07:41:55 +0000 UTC Push: 2023-02-14 07:41:58 +0000 UTC |