Live-Hack-CVE/CVE-2022-40224 A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-08 04:03:43 +0000 UTC Push: 2023-02-08 04:03:46 +0000 UTC |

Live-Hack-CVE/CVE-2011-10002 A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The name of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is reco CVE project by @Sn0wAlice Create: 2023-02-08 04:03:40 +0000 UTC Push: 2023-02-08 04:03:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-46621 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice Create: 2023-02-08 01:53:23 +0000 UTC Push: 2023-02-08 01:53:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-46620 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE project by @Sn0wAlice Create: 2023-02-08 01:53:20 +0000 UTC Push: 2023-02-08 01:53:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-45544 Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. CVE project by @Sn0wAlice Create: 2023-02-08 01:53:16 +0000 UTC Push: 2023-02-08 01:53:18 +0000 UTC |

Live-Hack-CVE/CVE-2018-14632 An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management. CVE project by @Sn0wAlice Create: 2023-02-08 01:53:09 +0000 UTC Push: 2023-02-08 01:53:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-0707 A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-07 23:39:45 +0000 UTC Push: 2023-02-07 23:39:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-43759 A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10. CVE project by @Sn0wAlice Create: 2023-02-07 23:39:41 +0000 UTC Push: 2023-02-07 23:39:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-43758 A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Ranch CVE project by @Sn0wAlice Create: 2023-02-07 23:39:37 +0000 UTC Push: 2023-02-07 23:39:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-43757 A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. CVE project by @Sn0wAlice Create: 2023-02-07 23:39:34 +0000 UTC Push: 2023-02-07 23:39:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-43756 A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler versi CVE project by @Sn0wAlice Create: 2023-02-07 23:39:30 +0000 UTC Push: 2023-02-07 23:39:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-43755 A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. CVE project by @Sn0wAlice Create: 2023-02-07 23:39:26 +0000 UTC Push: 2023-02-07 23:39:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-31249 A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wr CVE project by @Sn0wAlice Create: 2023-02-07 23:39:22 +0000 UTC Push: 2023-02-07 23:39:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-21953 A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. CVE project by @Sn0wAlice Create: 2023-02-07 23:39:18 +0000 UTC Push: 2023-02-07 23:39:21 +0000 UTC |

Live-Hack-CVE/CVE-2021-37491 An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function. CVE project by @Sn0wAlice Create: 2023-02-07 23:39:14 +0000 UTC Push: 2023-02-07 23:39:17 +0000 UTC |

Live-Hack-CVE/CVE-2023-22389 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file. CVE project by @Sn0wAlice Create: 2023-02-07 23:39:09 +0000 UTC Push: 2023-02-07 23:39:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-23582 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely. CVE project by @Sn0wAlice Create: 2023-02-07 23:39:05 +0000 UTC Push: 2023-02-07 23:39:07 +0000 UTC |

jfrog/jfrog-CVE-2022-21449-OpenSSH_Double-Free Create: 2023-02-07 23:33:41 +0000 UTC Push: 2023-02-07 23:33:42 +0000 UTC |

jfrog/jfrog-CVE-2023-25136-OpenSSH_Double-Free Create: 2023-02-07 23:33:41 +0000 UTC Push: 2023-02-07 23:33:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-21948 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in paste allows remote attackers to place Javascript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions. CVE project by @Sn0wAlice Create: 2023-02-07 21:25:33 +0000 UTC Push: 2023-02-07 21:25:36 +0000 UTC |