Live-Hack-CVE/CVE-2022-43460 Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. CVE project by @Sn0wAlice Create: 2023-02-13 21:41:56 +0000 UTC Push: 2023-02-13 21:41:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-0808 A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to lau CVE project by @Sn0wAlice Create: 2023-02-13 21:41:46 +0000 UTC Push: 2023-02-13 21:41:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-25727 In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:33 +0000 UTC Push: 2023-02-13 20:31:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-24572 Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:29 +0000 UTC Push: 2023-02-13 20:31:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-23697 Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:26 +0000 UTC Push: 2023-02-13 20:31:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-45455 Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:22 +0000 UTC Push: 2023-02-13 20:31:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-45454 Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:18 +0000 UTC Push: 2023-02-13 20:31:21 +0000 UTC |

Live-Hack-CVE/CVE-2022-34397 Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:15 +0000 UTC Push: 2023-02-13 20:31:17 +0000 UTC |

cvedb/CVE-2020-2551 Create: 2023-02-13 17:41:22 +0000 UTC Push: 2023-02-13 17:42:01 +0000 UTC |

w3security/CVE-2020-2551 Create: 2023-02-13 17:41:22 +0000 UTC Push: 2023-02-13 17:42:01 +0000 UTC |

rvizx/CVE-2022-28368 Dompdf - RCE via Injeting a CSS file Create: 2023-02-13 16:10:00 +0000 UTC Push: 2023-02-14 16:33:51 +0000 UTC |

Live-Hack-CVE/CVE-2018-14634 An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:41 +0000 UTC Push: 2023-02-13 14:49:43 +0000 UTC |

Live-Hack-CVE/CVE-2018-1047 A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:37 +0000 UTC Push: 2023-02-13 14:49:39 +0000 UTC |

Live-Hack-CVE/CVE-2018-16865 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute cod CVE project by @Sn0wAlice Create: 2023-02-13 14:49:34 +0000 UTC Push: 2023-02-13 14:49:36 +0000 UTC |

Live-Hack-CVE/CVE-2018-16884 A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due CVE project by @Sn0wAlice Create: 2023-02-13 14:49:30 +0000 UTC Push: 2023-02-13 14:49:32 +0000 UTC |

Live-Hack-CVE/CVE-2018-16889 Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:27 +0000 UTC Push: 2023-02-13 14:49:29 +0000 UTC |

Live-Hack-CVE/CVE-2018-16885 A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue onl CVE project by @Sn0wAlice Create: 2023-02-13 14:49:24 +0000 UTC Push: 2023-02-13 14:49:26 +0000 UTC |

Live-Hack-CVE/CVE-2018-16866 An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:20 +0000 UTC Push: 2023-02-13 14:49:22 +0000 UTC |

Live-Hack-CVE/CVE-2018-1065 The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/i CVE project by @Sn0wAlice Create: 2023-02-13 14:49:16 +0000 UTC Push: 2023-02-13 14:49:19 +0000 UTC |

Live-Hack-CVE/CVE-2018-1098 A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an at CVE project by @Sn0wAlice Create: 2023-02-13 14:49:13 +0000 UTC Push: 2023-02-13 14:49:15 +0000 UTC |