unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2022-23454
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. CVE project by @Sn0wAlice
Create: 2023-02-01 19:23:22 +0000 UTC Push: 2023-02-01 19:23:25 +0000 UTC |
Live-Hack-CVE/CVE-2022-23453
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. CVE project by @Sn0wAlice
Create: 2023-02-01 19:23:19 +0000 UTC Push: 2023-02-01 19:23:21 +0000 UTC |
Live-Hack-CVE/CVE-2021-3808
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. CVE project by @Sn0wAlice
Create: 2023-02-01 19:23:14 +0000 UTC Push: 2023-02-01 19:23:17 +0000 UTC |
Live-Hack-CVE/CVE-2021-3809
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. CVE project by @Sn0wAlice
Create: 2023-02-01 19:23:11 +0000 UTC Push: 2023-02-01 19:23:13 +0000 UTC |
Live-Hack-CVE/CVE-2020-14395
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE project by @Sn0wAlice
Create: 2023-02-01 19:23:07 +0000 UTC Push: 2023-02-01 19:23:09 +0000 UTC |
Live-Hack-CVE/CVE-2021-3439
HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities. CVE project by @Sn0wAlice
Create: 2023-02-01 19:23:03 +0000 UTC Push: 2023-02-01 19:23:06 +0000 UTC |
Live-Hack-CVE/CVE-2023-24977
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it. CVE project by @Sn0wAlice
Create: 2023-02-01 19:22:58 +0000 UTC Push: 2023-02-01 19:23:01 +0000 UTC |
Live-Hack-CVE/CVE-2023-0587
A file upload vulnerability exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\Sa CVE project by @Sn0wAlice
Create: 2023-02-01 15:03:10 +0000 UTC Push: 2023-02-01 15:03:12 +0000 UTC |
Live-Hack-CVE/CVE-2022-4206
A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report CVE project by @Sn0wAlice
Create: 2023-02-01 15:03:06 +0000 UTC Push: 2023-02-01 15:03:09 +0000 UTC |
Live-Hack-CVE/CVE-2023-0454
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. CVE project by @Sn0wAlice
Create: 2023-02-01 15:03:03 +0000 UTC Push: 2023-02-01 15:03:05 +0000 UTC |
Live-Hack-CVE/CVE-2023-23846
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately un CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:59 +0000 UTC Push: 2023-02-01 15:03:02 +0000 UTC |
Live-Hack-CVE/CVE-2023-20856
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:56 +0000 UTC Push: 2023-02-01 15:02:58 +0000 UTC |
Live-Hack-CVE/CVE-2023-0524
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several d CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:52 +0000 UTC Push: 2023-02-01 15:02:55 +0000 UTC |
Live-Hack-CVE/CVE-2022-42973
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monito CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:49 +0000 UTC Push: 2023-02-01 15:02:50 +0000 UTC |
Live-Hack-CVE/CVE-2021-22786
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* a CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:45 +0000 UTC Push: 2023-02-01 15:02:47 +0000 UTC |
Live-Hack-CVE/CVE-2023-0607
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:41 +0000 UTC Push: 2023-02-01 15:02:43 +0000 UTC |
Live-Hack-CVE/CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:37 +0000 UTC Push: 2023-02-01 15:02:40 +0000 UTC |
Live-Hack-CVE/CVE-2022-42970
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:33 +0000 UTC Push: 2023-02-01 15:02:36 +0000 UTC |
Live-Hack-CVE/CVE-2022-2329
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.2 CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:30 +0000 UTC Push: 2023-02-01 15:02:32 +0000 UTC |
Live-Hack-CVE/CVE-2022-42971
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UP CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:25 +0000 UTC Push: 2023-02-01 15:02:28 +0000 UTC |