Live-Hack-CVE/CVE-2020-7019 In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional p CVE project by @Sn0wAlice Create: 2023-01-28 05:40:09 +0000 UTC Push: 2023-01-28 05:40:11 +0000 UTC |

Live-Hack-CVE/CVE-2020-14968 An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creati CVE project by @Sn0wAlice Create: 2023-01-28 05:40:05 +0000 UTC Push: 2023-01-28 05:40:07 +0000 UTC |

Live-Hack-CVE/CVE-2017-2788 A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requ CVE project by @Sn0wAlice Create: 2023-01-28 05:40:01 +0000 UTC Push: 2023-01-28 05:40:03 +0000 UTC |

Live-Hack-CVE/CVE-2017-2820 An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerabil CVE project by @Sn0wAlice Create: 2023-01-28 05:39:58 +0000 UTC Push: 2023-01-28 05:40:00 +0000 UTC |

Live-Hack-CVE/CVE-2017-14448 An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-01-28 05:39:54 +0000 UTC Push: 2023-01-28 05:39:56 +0000 UTC |

waspthebughunter/CVE-2022-47873 Proof Of Concept for CVE-2022-47873 KEOS Software Create: 2023-01-28 05:03:37 +0000 UTC Push: 2023-01-28 05:22:01 +0000 UTC |

Live-Hack-CVE/CVE-2020-1751 An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnera CVE project by @Sn0wAlice Create: 2023-01-28 03:29:30 +0000 UTC Push: 2023-01-28 03:29:32 +0000 UTC |

Live-Hack-CVE/CVE-2018-6692 Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:26 +0000 UTC Push: 2023-01-28 03:29:28 +0000 UTC |

Live-Hack-CVE/CVE-2018-6677 Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:22 +0000 UTC Push: 2023-01-28 03:29:25 +0000 UTC |

Live-Hack-CVE/CVE-2018-6590 CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:19 +0000 UTC Push: 2023-01-28 03:29:21 +0000 UTC |

Live-Hack-CVE/CVE-2018-6686 Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:15 +0000 UTC Push: 2023-01-28 03:29:17 +0000 UTC |

Live-Hack-CVE/CVE-2020-11958 re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:12 +0000 UTC Push: 2023-01-28 03:29:14 +0000 UTC |

Live-Hack-CVE/CVE-2020-1983 A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:08 +0000 UTC Push: 2023-01-28 03:29:10 +0000 UTC |

Live-Hack-CVE/CVE-2020-12267 setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:04 +0000 UTC Push: 2023-01-28 03:29:07 +0000 UTC |

Live-Hack-CVE/CVE-2020-12767 exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:00 +0000 UTC Push: 2023-01-28 03:29:03 +0000 UTC |

Live-Hack-CVE/CVE-2020-12823 OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:56 +0000 UTC Push: 2023-01-28 03:28:58 +0000 UTC |

Live-Hack-CVE/CVE-2018-6693 An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbi CVE project by @Sn0wAlice Create: 2023-01-28 03:28:52 +0000 UTC Push: 2023-01-28 03:28:55 +0000 UTC |

Live-Hack-CVE/CVE-2020-13112 An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:49 +0000 UTC Push: 2023-01-28 03:28:51 +0000 UTC |

Live-Hack-CVE/CVE-2020-11017 In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:45 +0000 UTC Push: 2023-01-28 03:28:47 +0000 UTC |

Live-Hack-CVE/CVE-2020-11018 In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:41 +0000 UTC Push: 2023-01-28 03:28:44 +0000 UTC |