Live-Hack-CVE/CVE-2023-0028 Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+. CVE project by @Sn0wAlice Create: 2023-01-07 07:41:02 +0000 UTC Push: 2023-01-07 07:41:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-42256 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering. CVE project by @Sn0wAlice Create: 2023-01-07 07:40:56 +0000 UTC Push: 2023-01-07 07:40:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-42255 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. CVE project by @Sn0wAlice Create: 2023-01-07 07:40:53 +0000 UTC Push: 2023-01-07 07:40:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-44939 Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. CVE project by @Sn0wAlice Create: 2023-01-07 07:40:48 +0000 UTC Push: 2023-01-07 07:40:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-41613 Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-01-07 07:40:44 +0000 UTC Push: 2023-01-07 07:40:47 +0000 UTC |

Live-Hack-CVE/CVE-2022-40201 Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-01-07 07:40:40 +0000 UTC Push: 2023-01-07 07:40:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-2484 The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs. CVE project by @Sn0wAlice Create: 2023-01-07 07:40:36 +0000 UTC Push: 2023-01-07 07:40:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-2483 The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device. CVE project by @Sn0wAlice Create: 2023-01-07 07:40:32 +0000 UTC Push: 2023-01-07 07:40:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-2482 A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader. CVE project by @Sn0wAlice Create: 2023-01-07 07:40:27 +0000 UTC Push: 2023-01-07 07:40:30 +0000 UTC |

Live-Hack-CVE/CVE-2013-10008 A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB CVE project by @Sn0wAlice Create: 2023-01-07 07:40:23 +0000 UTC Push: 2023-01-07 07:40:26 +0000 UTC |

Live-Hack-CVE/CVE-2021-4294 A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to app CVE project by @Sn0wAlice Create: 2023-01-07 05:32:17 +0000 UTC Push: 2023-01-07 05:32:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-4858 Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. CVE project by @Sn0wAlice Create: 2023-01-07 05:32:08 +0000 UTC Push: 2023-01-07 05:32:11 +0000 UTC |

Live-Hack-CVE/CVE-2020-36638 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be CVE project by @Sn0wAlice Create: 2023-01-07 05:32:02 +0000 UTC Push: 2023-01-07 05:32:06 +0000 UTC |

Live-Hack-CVE/CVE-2020-36637 ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be CVE project by @Sn0wAlice Create: 2023-01-07 05:31:57 +0000 UTC Push: 2023-01-07 05:32:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-34679 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service. CVE project by @Sn0wAlice Create: 2023-01-07 05:31:50 +0000 UTC Push: 2023-01-07 05:31:54 +0000 UTC |

yerodin/CVE-2022-44149 PO Exploit for CVE-2022-44149 Create: 2023-01-07 04:00:25 +0000 UTC Push: 2023-01-07 04:00:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-4778 StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected. CVE project by @Sn0wAlice Create: 2023-01-07 03:21:28 +0000 UTC Push: 2023-01-07 03:21:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-41966 XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps t CVE project by @Sn0wAlice Create: 2023-01-07 03:21:24 +0000 UTC Push: 2023-01-07 03:21:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-22475 Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute Javascript in the Canary CVE project by @Sn0wAlice Create: 2023-01-07 03:21:19 +0000 UTC Push: 2023-01-07 03:21:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-44149 The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required. CVE project by @Sn0wAlice Create: 2023-01-07 03:21:14 +0000 UTC Push: 2023-01-07 03:21:17 +0000 UTC |