Live-Hack-CVE/CVE-2022-39193 An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with checkuser access. CVE project by @Sn0wAlice Create: 2023-02-03 02:22:31 +0000 UTC Push: 2023-02-03 02:22:33 +0000 UTC |

Live-Hack-CVE/CVE-2019-10186 A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. CVE project by @Sn0wAlice Create: 2023-02-03 02:22:26 +0000 UTC Push: 2023-02-03 02:22:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-0286 A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. CVE project by @Sn0wAlice Create: 2023-02-03 02:22:22 +0000 UTC Push: 2023-02-03 02:22:25 +0000 UTC |

miko550/CVE-2022-46169 Create: 2023-02-03 02:21:08 +0000 UTC Push: 2023-02-03 02:21:09 +0000 UTC |

Live-Hack-CVE/CVE-2011-2920 CVE-2011-2920 Satellite: XSS flaw(s) in filter handling CVE project by @Sn0wAlice Create: 2023-02-03 00:11:02 +0000 UTC Push: 2023-02-03 00:11:05 +0000 UTC |

Live-Hack-CVE/CVE-2012-2386 CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension CVE project by @Sn0wAlice Create: 2023-02-03 00:10:59 +0000 UTC Push: 2023-02-03 00:11:01 +0000 UTC |

Live-Hack-CVE/CVE-2011-2487 A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:55 +0000 UTC Push: 2023-02-03 00:10:57 +0000 UTC |

Live-Hack-CVE/CVE-2011-2927 CVE-2011-2927 Satellite/Spacewalk: XSS flaw in channels search CVE project by @Sn0wAlice Create: 2023-02-03 00:10:51 +0000 UTC Push: 2023-02-03 00:10:54 +0000 UTC |

Live-Hack-CVE/CVE-2018-1111 A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using CVE project by @Sn0wAlice Create: 2023-02-03 00:10:47 +0000 UTC Push: 2023-02-03 00:10:50 +0000 UTC |

Live-Hack-CVE/CVE-2011-4127 CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl CVE project by @Sn0wAlice Create: 2023-02-03 00:10:43 +0000 UTC Push: 2023-02-03 00:10:46 +0000 UTC |

Live-Hack-CVE/CVE-2011-3344 CVE-2011-3344 Satellite/Spacewalk: XSS on the Lost Password page CVE project by @Sn0wAlice Create: 2023-02-03 00:10:39 +0000 UTC Push: 2023-02-03 00:10:41 +0000 UTC |

Live-Hack-CVE/CVE-2015-3248 It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:35 +0000 UTC Push: 2023-02-03 00:10:38 +0000 UTC |

Live-Hack-CVE/CVE-2016-3693 A flaw was found in the provisioning template handling in foreman. An attacker, with permissions to create templates, can cause internal Rails information to be displayed when it is processed, resulting in potentially sensitive information being disclosed. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:31 +0000 UTC Push: 2023-02-03 00:10:34 +0000 UTC |

Live-Hack-CVE/CVE-2012-3386 It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck". CVE project by @Sn0wAlice Create: 2023-02-03 00:10:27 +0000 UTC Push: 2023-02-03 00:10:30 +0000 UTC |

Live-Hack-CVE/CVE-2017-15097 Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:24 +0000 UTC Push: 2023-02-03 00:10:26 +0000 UTC |

Live-Hack-CVE/CVE-2015-3247 A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of th CVE project by @Sn0wAlice Create: 2023-02-03 00:10:20 +0000 UTC Push: 2023-02-03 00:10:22 +0000 UTC |

Live-Hack-CVE/CVE-2011-3609 CVE-2011-3609 JBoss AS: CSRF in the administration console & HTTP management API CVE project by @Sn0wAlice Create: 2023-02-03 00:10:16 +0000 UTC Push: 2023-02-03 00:10:19 +0000 UTC |

Live-Hack-CVE/CVE-2016-3107 It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:12 +0000 UTC Push: 2023-02-03 00:10:15 +0000 UTC |

Live-Hack-CVE/CVE-2016-9922 CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy CVE project by @Sn0wAlice Create: 2023-02-03 00:10:08 +0000 UTC Push: 2023-02-03 00:10:10 +0000 UTC |

Live-Hack-CVE/CVE-2017-7488 A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:03 +0000 UTC Push: 2023-02-03 00:10:06 +0000 UTC |