cvedb/CVE-2020-2551 Create: 2023-02-13 17:41:22 +0000 UTC Push: 2023-02-13 17:42:01 +0000 UTC |

w3security/CVE-2020-2551 Create: 2023-02-13 17:41:22 +0000 UTC Push: 2023-02-13 17:42:01 +0000 UTC |

rvizx/CVE-2022-28368 Dompdf - RCE via Injeting a CSS file Create: 2023-02-13 16:10:00 +0000 UTC Push: 2023-02-14 16:33:51 +0000 UTC |

Live-Hack-CVE/CVE-2018-14634 An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:41 +0000 UTC Push: 2023-02-13 14:49:43 +0000 UTC |

Live-Hack-CVE/CVE-2018-1047 A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:37 +0000 UTC Push: 2023-02-13 14:49:39 +0000 UTC |

Live-Hack-CVE/CVE-2018-16865 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute cod CVE project by @Sn0wAlice Create: 2023-02-13 14:49:34 +0000 UTC Push: 2023-02-13 14:49:36 +0000 UTC |

Live-Hack-CVE/CVE-2018-16884 A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due CVE project by @Sn0wAlice Create: 2023-02-13 14:49:30 +0000 UTC Push: 2023-02-13 14:49:32 +0000 UTC |

Live-Hack-CVE/CVE-2018-16889 Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:27 +0000 UTC Push: 2023-02-13 14:49:29 +0000 UTC |

Live-Hack-CVE/CVE-2018-16885 A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue onl CVE project by @Sn0wAlice Create: 2023-02-13 14:49:24 +0000 UTC Push: 2023-02-13 14:49:26 +0000 UTC |

Live-Hack-CVE/CVE-2018-16866 An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:20 +0000 UTC Push: 2023-02-13 14:49:22 +0000 UTC |

Live-Hack-CVE/CVE-2018-1065 The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/i CVE project by @Sn0wAlice Create: 2023-02-13 14:49:16 +0000 UTC Push: 2023-02-13 14:49:19 +0000 UTC |

Live-Hack-CVE/CVE-2018-1098 A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an at CVE project by @Sn0wAlice Create: 2023-02-13 14:49:13 +0000 UTC Push: 2023-02-13 14:49:15 +0000 UTC |

Live-Hack-CVE/CVE-2018-1094 The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:09 +0000 UTC Push: 2023-02-13 14:49:12 +0000 UTC |

Live-Hack-CVE/CVE-2018-1097 A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:05 +0000 UTC Push: 2023-02-13 14:49:07 +0000 UTC |

Live-Hack-CVE/CVE-2018-1100 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:01 +0000 UTC Push: 2023-02-13 14:49:04 +0000 UTC |

Live-Hack-CVE/CVE-2018-1075 ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning l CVE project by @Sn0wAlice Create: 2023-02-13 14:48:57 +0000 UTC Push: 2023-02-13 14:49:00 +0000 UTC |

Live-Hack-CVE/CVE-2018-1088 A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. CVE project by @Sn0wAlice Create: 2023-02-13 14:48:53 +0000 UTC Push: 2023-02-13 14:48:56 +0000 UTC |

Live-Hack-CVE/CVE-2018-1118 Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. CVE project by @Sn0wAlice Create: 2023-02-13 14:48:50 +0000 UTC Push: 2023-02-13 14:48:52 +0000 UTC |

Live-Hack-CVE/CVE-2018-1095 The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted CVE project by @Sn0wAlice Create: 2023-02-13 14:48:46 +0000 UTC Push: 2023-02-13 14:48:48 +0000 UTC |

Live-Hack-CVE/CVE-2021-23174 Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. CVE project by @Sn0wAlice Create: 2023-02-13 14:48:42 +0000 UTC Push: 2023-02-13 14:48:45 +0000 UTC |