Live-Hack-CVE/CVE-2023-22358 In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. CVE project by @Sn0wAlice Create: 2023-02-02 04:19:00 +0000 UTC Push: 2023-02-02 04:19:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-22341 On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization End CVE project by @Sn0wAlice Create: 2023-02-02 04:18:56 +0000 UTC Push: 2023-02-02 04:18:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-22340 On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are n CVE project by @Sn0wAlice Create: 2023-02-02 04:18:52 +0000 UTC Push: 2023-02-02 04:18:54 +0000 UTC |

Live-Hack-CVE/CVE-2023-22323 In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have re CVE project by @Sn0wAlice Create: 2023-02-02 04:18:49 +0000 UTC Push: 2023-02-02 04:18:51 +0000 UTC |

Live-Hack-CVE/CVE-2023-22326 In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authent CVE project by @Sn0wAlice Create: 2023-02-02 04:18:46 +0000 UTC Push: 2023-02-02 04:18:48 +0000 UTC |

Live-Hack-CVE/CVE-2023-22302 In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel CVE project by @Sn0wAlice Create: 2023-02-02 04:18:42 +0000 UTC Push: 2023-02-02 04:18:44 +0000 UTC |

Live-Hack-CVE/CVE-2023-22283 On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrati CVE project by @Sn0wAlice Create: 2023-02-02 04:18:38 +0000 UTC Push: 2023-02-02 04:18:40 +0000 UTC |

Live-Hack-CVE/CVE-2023-22281 On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. No CVE project by @Sn0wAlice Create: 2023-02-02 04:18:33 +0000 UTC Push: 2023-02-02 04:18:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-47983 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161. CVE project by @Sn0wAlice Create: 2023-02-02 04:18:29 +0000 UTC Push: 2023-02-02 04:18:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-43922 IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. CVE project by @Sn0wAlice Create: 2023-02-02 04:18:26 +0000 UTC Push: 2023-02-02 04:18:28 +0000 UTC |

Live-Hack-CVE/CVE-2023-20922 In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Andro CVE project by @Sn0wAlice Create: 2023-02-02 04:18:21 +0000 UTC Push: 2023-02-02 04:18:23 +0000 UTC |

Live-Hack-CVE/CVE-2023-20920 In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android- CVE project by @Sn0wAlice Create: 2023-02-02 04:18:17 +0000 UTC Push: 2023-02-02 04:18:20 +0000 UTC |

Live-Hack-CVE/CVE-2023-20921 In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVer CVE project by @Sn0wAlice Create: 2023-02-02 04:18:13 +0000 UTC Push: 2023-02-02 04:18:16 +0000 UTC |

Live-Hack-CVE/CVE-2023-20916 In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for CVE project by @Sn0wAlice Create: 2023-02-02 04:18:08 +0000 UTC Push: 2023-02-02 04:18:11 +0000 UTC |

Live-Hack-CVE/CVE-2023-20919 In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android CVE project by @Sn0wAlice Create: 2023-02-02 04:18:04 +0000 UTC Push: 2023-02-02 04:18:07 +0000 UTC |

motikan2010/CVE-2023-23924 Create: 2023-02-02 02:21:23 +0000 UTC Push: 2023-02-02 02:21:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-21810 All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. CVE project by @Sn0wAlice Create: 2023-02-02 02:04:11 +0000 UTC Push: 2023-02-02 02:04:13 +0000 UTC |

Live-Hack-CVE/CVE-2023-0416 GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVE project by @Sn0wAlice Create: 2023-02-02 02:04:07 +0000 UTC Push: 2023-02-02 02:04:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-0417 Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVE project by @Sn0wAlice Create: 2023-02-02 02:04:03 +0000 UTC Push: 2023-02-02 02:04:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-0415 iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file CVE project by @Sn0wAlice Create: 2023-02-02 02:03:59 +0000 UTC Push: 2023-02-02 02:04:02 +0000 UTC |