Live-Hack-CVE/CVE-2018-20961 In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact. CVE project by @Sn0wAlice Create: 2023-01-20 01:40:41 +0000 UTC Push: 2023-01-20 01:40:44 +0000 UTC |

Live-Hack-CVE/CVE-2019-15504 drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). CVE project by @Sn0wAlice Create: 2023-01-20 01:40:36 +0000 UTC Push: 2023-01-20 01:40:40 +0000 UTC |

Live-Hack-CVE/CVE-2014-2523 net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error f CVE project by @Sn0wAlice Create: 2023-01-20 01:40:32 +0000 UTC Push: 2023-01-20 01:40:35 +0000 UTC |

Live-Hack-CVE/CVE-2006-7204 The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. CVE project by @Sn0wAlice Create: 2023-01-20 01:40:24 +0000 UTC Push: 2023-01-20 01:40:26 +0000 UTC |

Live-Hack-CVE/CVE-2017-18017 The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. CVE project by @Sn0wAlice Create: 2023-01-20 01:40:20 +0000 UTC Push: 2023-01-20 01:40:22 +0000 UTC |

Live-Hack-CVE/CVE-2017-17806 The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel CVE project by @Sn0wAlice Create: 2023-01-20 01:40:16 +0000 UTC Push: 2023-01-20 01:40:19 +0000 UTC |

Live-Hack-CVE/CVE-2017-17853 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations. CVE project by @Sn0wAlice Create: 2023-01-20 01:40:12 +0000 UTC Push: 2023-01-20 01:40:15 +0000 UTC |

Live-Hack-CVE/CVE-2015-8787 The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a relate CVE project by @Sn0wAlice Create: 2023-01-20 01:40:08 +0000 UTC Push: 2023-01-20 01:40:10 +0000 UTC |

Live-Hack-CVE/CVE-2010-3709 The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. CVE project by @Sn0wAlice Create: 2023-01-20 01:40:03 +0000 UTC Push: 2023-01-20 01:40:05 +0000 UTC |

Live-Hack-CVE/CVE-2012-4388 The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betw CVE project by @Sn0wAlice Create: 2023-01-20 01:39:59 +0000 UTC Push: 2023-01-20 01:40:01 +0000 UTC |

Live-Hack-CVE/CVE-2014-3981 acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:55 +0000 UTC Push: 2023-01-20 01:39:57 +0000 UTC |

Live-Hack-CVE/CVE-2014-3538 file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-20 CVE project by @Sn0wAlice Create: 2023-01-20 01:39:50 +0000 UTC Push: 2023-01-20 01:39:53 +0000 UTC |

Live-Hack-CVE/CVE-2014-4698 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:46 +0000 UTC Push: 2023-01-20 01:39:49 +0000 UTC |

Live-Hack-CVE/CVE-2009-2687 The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:42 +0000 UTC Push: 2023-01-20 01:39:45 +0000 UTC |

Live-Hack-CVE/CVE-2015-2326 The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". CVE project by @Sn0wAlice Create: 2023-01-20 01:39:38 +0000 UTC Push: 2023-01-20 01:39:41 +0000 UTC |

Live-Hack-CVE/CVE-2010-2531 The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:34 +0000 UTC Push: 2023-01-20 01:39:37 +0000 UTC |

Live-Hack-CVE/CVE-2011-1471 Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:30 +0000 UTC Push: 2023-01-20 01:39:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-47105 Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. CVE project by @Sn0wAlice Create: 2023-01-20 01:39:24 +0000 UTC Push: 2023-01-20 01:39:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-0404 The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functi CVE project by @Sn0wAlice Create: 2023-01-20 01:39:20 +0000 UTC Push: 2023-01-20 01:39:22 +0000 UTC |

Live-Hack-CVE/CVE-2023-0403 The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset network access tokens, CVE project by @Sn0wAlice Create: 2023-01-20 01:39:15 +0000 UTC Push: 2023-01-20 01:39:18 +0000 UTC |