Live-Hack-CVE/CVE-2022-42972 A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5 CVE project by @Sn0wAlice Create: 2023-02-01 15:02:22 +0000 UTC Push: 2023-02-01 15:02:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-24324 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073) CVE project by @Sn0wAlice Create: 2023-02-01 15:02:18 +0000 UTC Push: 2023-02-01 15:02:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-45101 Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:14 +0000 UTC Push: 2023-02-01 15:02:17 +0000 UTC |

Live-Hack-CVE/CVE-2022-45097 Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:11 +0000 UTC Push: 2023-02-01 15:02:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-45096 Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:07 +0000 UTC Push: 2023-02-01 15:02:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-45095 Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data CVE project by @Sn0wAlice Create: 2023-02-01 15:02:04 +0000 UTC Push: 2023-02-01 15:02:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-34459 Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:00 +0000 UTC Push: 2023-02-01 15:02:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-34443 Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges. CVE project by @Sn0wAlice Create: 2023-02-01 15:01:56 +0000 UTC Push: 2023-02-01 15:01:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-34458 Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential CVE project by @Sn0wAlice Create: 2023-02-01 15:01:53 +0000 UTC Push: 2023-02-01 15:01:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-25916 Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. CVE project by @Sn0wAlice Create: 2023-02-01 15:01:49 +0000 UTC Push: 2023-02-01 15:01:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-34400 Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. CVE project by @Sn0wAlice Create: 2023-02-01 15:01:46 +0000 UTC Push: 2023-02-01 15:01:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-25906 All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. CVE project by @Sn0wAlice Create: 2023-02-01 15:01:42 +0000 UTC Push: 2023-02-01 15:01:44 +0000 UTC |

masahiro331/cve-2022-25927 Create: 2023-02-01 12:16:47 +0000 UTC Push: 2023-02-01 12:16:47 +0000 UTC |

Cedric1314/CVE-2022-47872 Create: 2023-02-01 10:34:19 +0000 UTC Push: 2023-02-01 10:34:19 +0000 UTC |

Live-Hack-CVE/CVE-2020-21532 fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. CVE project by @Sn0wAlice Create: 2023-02-01 09:26:00 +0000 UTC Push: 2023-02-01 09:26:03 +0000 UTC |

Live-Hack-CVE/CVE-2020-21531 fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:57 +0000 UTC Push: 2023-02-01 09:25:59 +0000 UTC |

Live-Hack-CVE/CVE-2020-21529 fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:53 +0000 UTC Push: 2023-02-01 09:25:55 +0000 UTC |

Live-Hack-CVE/CVE-2021-32280 An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c. It allows an attacker to cause Denial of Service. The fixed version of fig2dev is 3.2.8. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:50 +0000 UTC Push: 2023-02-01 09:25:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-47873 Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). CVE project by @Sn0wAlice Create: 2023-02-01 09:25:46 +0000 UTC Push: 2023-02-01 09:25:49 +0000 UTC |

Live-Hack-CVE/CVE-2019-13221 A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file. CVE project by @Sn0wAlice Create: 2023-02-01 09:25:43 +0000 UTC Push: 2023-02-01 09:25:45 +0000 UTC |