Live-Hack-CVE/CVE-2018-1094 The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:09 +0000 UTC Push: 2023-02-13 14:49:12 +0000 UTC |

Live-Hack-CVE/CVE-2018-1097 A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:05 +0000 UTC Push: 2023-02-13 14:49:07 +0000 UTC |

Live-Hack-CVE/CVE-2018-1100 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:01 +0000 UTC Push: 2023-02-13 14:49:04 +0000 UTC |

Live-Hack-CVE/CVE-2018-1075 ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning l CVE project by @Sn0wAlice Create: 2023-02-13 14:48:57 +0000 UTC Push: 2023-02-13 14:49:00 +0000 UTC |

Live-Hack-CVE/CVE-2018-1088 A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. CVE project by @Sn0wAlice Create: 2023-02-13 14:48:53 +0000 UTC Push: 2023-02-13 14:48:56 +0000 UTC |

Live-Hack-CVE/CVE-2018-1118 Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. CVE project by @Sn0wAlice Create: 2023-02-13 14:48:50 +0000 UTC Push: 2023-02-13 14:48:52 +0000 UTC |

Live-Hack-CVE/CVE-2018-1095 The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted CVE project by @Sn0wAlice Create: 2023-02-13 14:48:46 +0000 UTC Push: 2023-02-13 14:48:48 +0000 UTC |

Live-Hack-CVE/CVE-2021-23174 Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. CVE project by @Sn0wAlice Create: 2023-02-13 14:48:42 +0000 UTC Push: 2023-02-13 14:48:45 +0000 UTC |

Live-Hack-CVE/CVE-2021-23209 Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). CVE project by @Sn0wAlice Create: 2023-02-13 14:48:39 +0000 UTC Push: 2023-02-13 14:48:41 +0000 UTC |

Live-Hack-CVE/CVE-2022-48323 Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershe CVE project by @Sn0wAlice Create: 2023-02-13 14:48:31 +0000 UTC Push: 2023-02-13 14:48:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-48322 NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. CVE project by @Sn0wAlice Create: 2023-02-13 14:48:28 +0000 UTC Push: 2023-02-13 14:48:30 +0000 UTC |

Live-Hack-CVE/CVE-2022-25937 Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129). CVE project by @Sn0wAlice Create: 2023-02-13 14:48:25 +0000 UTC Push: 2023-02-13 14:48:27 +0000 UTC |

Malwareman007/CVE-2023-21608 Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit Create: 2023-02-13 14:11:40 +0000 UTC Push: 2023-02-13 14:11:40 +0000 UTC |

4ra1n/CVE-2023-21839 Weblogic CVE-2023-21839 RCE (无需Java依赖，构造协议通过socket一键RCE) Create: 2023-02-13 11:42:27 +0000 UTC Push: 2023-02-24 21:29:38 +0000 UTC |

Live-Hack-CVE/CVE-2015-5233 Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via dir CVE project by @Sn0wAlice Create: 2023-02-13 10:27:39 +0000 UTC Push: 2023-02-13 10:27:41 +0000 UTC |

Live-Hack-CVE/CVE-2015-5305 Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd. CVE project by @Sn0wAlice Create: 2023-02-13 10:27:35 +0000 UTC Push: 2023-02-13 10:27:37 +0000 UTC |

Live-Hack-CVE/CVE-2015-5329 The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. CVE project by @Sn0wAlice Create: 2023-02-13 10:27:32 +0000 UTC Push: 2023-02-13 10:27:34 +0000 UTC |

Live-Hack-CVE/CVE-2015-5295 The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/ze CVE project by @Sn0wAlice Create: 2023-02-13 10:27:29 +0000 UTC Push: 2023-02-13 10:27:31 +0000 UTC |

Live-Hack-CVE/CVE-2015-5313 Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in CVE project by @Sn0wAlice Create: 2023-02-13 10:27:26 +0000 UTC Push: 2023-02-13 10:27:27 +0000 UTC |

Live-Hack-CVE/CVE-2015-5292 Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos a CVE project by @Sn0wAlice Create: 2023-02-13 10:27:22 +0000 UTC Push: 2023-02-13 10:27:24 +0000 UTC |