Live-Hack-CVE/CVE-2022-44564 Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources. CVE project by @Sn0wAlice Create: 2023-01-06 09:45:11 +0000 UTC Push: 2023-01-06 09:45:16 +0000 UTC |

Live-Hack-CVE/CVE-2022-41579 There is an insufficient authentication vulnerability in some Huawei band products. Successful exploit could allow the attacker to spoof then connect to the band. CVE project by @Sn0wAlice Create: 2023-01-06 09:45:07 +0000 UTC Push: 2023-01-06 09:45:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-44536 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 09:45:01 +0000 UTC Push: 2023-01-06 09:45:05 +0000 UTC |

Live-Hack-CVE/CVE-2022-44541 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 09:44:58 +0000 UTC Push: 2023-01-06 09:45:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-44540 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 09:44:53 +0000 UTC Push: 2023-01-06 09:44:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-44539 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 09:44:49 +0000 UTC Push: 2023-01-06 09:44:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-44538 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 09:44:43 +0000 UTC Push: 2023-01-06 09:44:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-44537 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 09:44:38 +0000 UTC Push: 2023-01-06 09:44:41 +0000 UTC |

Live-Hack-CVE/CVE-2022-4803 Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:51 +0000 UTC Push: 2023-01-06 07:34:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-38209 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:47 +0000 UTC Push: 2023-01-06 07:34:50 +0000 UTC |

Live-Hack-CVE/CVE-2022-38207 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:44 +0000 UTC Push: 2023-01-06 07:34:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-38206 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:39 +0000 UTC Push: 2023-01-06 07:34:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-38205 In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). CVE project by @Sn0wAlice Create: 2023-01-06 07:34:35 +0000 UTC Push: 2023-01-06 07:34:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-38204 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:31 +0000 UTC Push: 2023-01-06 07:34:33 +0000 UTC |

Live-Hack-CVE/CVE-2021-40341 DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOX CVE project by @Sn0wAlice Create: 2023-01-06 07:34:26 +0000 UTC Push: 2023-01-06 07:34:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-3929 Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXM CVE project by @Sn0wAlice Create: 2023-01-06 07:34:21 +0000 UTC Push: 2023-01-06 07:34:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-3928 Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOX CVE project by @Sn0wAlice Create: 2023-01-06 07:34:16 +0000 UTC Push: 2023-01-06 07:34:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-3927 The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-U CVE project by @Sn0wAlice Create: 2023-01-06 07:34:11 +0000 UTC Push: 2023-01-06 07:34:14 +0000 UTC |

Live-Hack-CVE/CVE-2021-41010 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:07 +0000 UTC Push: 2023-01-06 07:34:10 +0000 UTC |

Live-Hack-CVE/CVE-2021-41009 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:02 +0000 UTC Push: 2023-01-06 07:34:05 +0000 UTC |