Live-Hack-CVE/CVE-2020-11018 In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:41 +0000 UTC Push: 2023-01-28 03:28:44 +0000 UTC |

Live-Hack-CVE/CVE-2020-11019 In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:38 +0000 UTC Push: 2023-01-28 03:28:40 +0000 UTC |

Live-Hack-CVE/CVE-2020-13775 ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:34 +0000 UTC Push: 2023-01-28 03:28:36 +0000 UTC |

Live-Hack-CVE/CVE-2020-7115 The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and high CVE project by @Sn0wAlice Create: 2023-01-28 03:28:30 +0000 UTC Push: 2023-01-28 03:28:33 +0000 UTC |

Live-Hack-CVE/CVE-2020-10702 A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the sig CVE project by @Sn0wAlice Create: 2023-01-28 03:28:27 +0000 UTC Push: 2023-01-28 03:28:29 +0000 UTC |

Live-Hack-CVE/CVE-2020-4046 In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patch CVE project by @Sn0wAlice Create: 2023-01-28 03:28:23 +0000 UTC Push: 2023-01-28 03:28:25 +0000 UTC |

Live-Hack-CVE/CVE-2018-6690 Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:19 +0000 UTC Push: 2023-01-28 03:28:22 +0000 UTC |

Live-Hack-CVE/CVE-2020-13999 ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:15 +0000 UTC Push: 2023-01-28 03:28:18 +0000 UTC |

Live-Hack-CVE/CVE-2018-6689 Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:12 +0000 UTC Push: 2023-01-28 03:28:14 +0000 UTC |

Live-Hack-CVE/CVE-2018-6700 DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:08 +0000 UTC Push: 2023-01-28 03:28:10 +0000 UTC |

Live-Hack-CVE/CVE-2018-6703 Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:05 +0000 UTC Push: 2023-01-28 03:28:07 +0000 UTC |

Live-Hack-CVE/CVE-2020-14148 The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:01 +0000 UTC Push: 2023-01-28 03:28:03 +0000 UTC |

Live-Hack-CVE/CVE-2020-14980 The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation. CVE project by @Sn0wAlice Create: 2023-01-28 01:15:38 +0000 UTC Push: 2023-01-28 01:15:40 +0000 UTC |

Live-Hack-CVE/CVE-2020-14461 Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. CVE project by @Sn0wAlice Create: 2023-01-28 01:15:33 +0000 UTC Push: 2023-01-28 01:15:35 +0000 UTC |

Live-Hack-CVE/CVE-2020-14981 The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation. CVE project by @Sn0wAlice Create: 2023-01-28 01:15:30 +0000 UTC Push: 2023-01-28 01:15:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-48073 Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. CVE project by @Sn0wAlice Create: 2023-01-28 01:15:26 +0000 UTC Push: 2023-01-28 01:15:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-48072 Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. CVE project by @Sn0wAlice Create: 2023-01-28 01:15:22 +0000 UTC Push: 2023-01-28 01:15:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-48071 Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. CVE project by @Sn0wAlice Create: 2023-01-28 01:15:19 +0000 UTC Push: 2023-01-28 01:15:21 +0000 UTC |

Live-Hack-CVE/CVE-2022-48070 Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. CVE project by @Sn0wAlice Create: 2023-01-28 01:15:15 +0000 UTC Push: 2023-01-28 01:15:17 +0000 UTC |

Live-Hack-CVE/CVE-2022-48069 Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. CVE project by @Sn0wAlice Create: 2023-01-28 01:15:11 +0000 UTC Push: 2023-01-28 01:15:14 +0000 UTC |