Live-Hack-CVE/CVE-2015-7512 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. CVE project by @Sn0wAlice Create: 2023-02-13 10:27:02 +0000 UTC Push: 2023-02-13 10:27:04 +0000 UTC |

Live-Hack-CVE/CVE-2015-7544 redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:59 +0000 UTC Push: 2023-02-13 10:27:01 +0000 UTC |

Live-Hack-CVE/CVE-2015-7549 The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:55 +0000 UTC Push: 2023-02-13 10:26:57 +0000 UTC |

Live-Hack-CVE/CVE-2015-7529 sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:52 +0000 UTC Push: 2023-02-13 10:26:54 +0000 UTC |

Live-Hack-CVE/CVE-2015-7509 fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:48 +0000 UTC Push: 2023-02-13 10:26:50 +0000 UTC |

Live-Hack-CVE/CVE-2015-8504 Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:45 +0000 UTC Push: 2023-02-13 10:26:47 +0000 UTC |

Live-Hack-CVE/CVE-2015-8744 QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:41 +0000 UTC Push: 2023-02-13 10:26:43 +0000 UTC |

Live-Hack-CVE/CVE-2015-8324 The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:37 +0000 UTC Push: 2023-02-13 10:26:40 +0000 UTC |

Live-Hack-CVE/CVE-2015-7553 Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:34 +0000 UTC Push: 2023-02-13 10:26:36 +0000 UTC |

Live-Hack-CVE/CVE-2015-7872 The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:30 +0000 UTC Push: 2023-02-13 10:26:33 +0000 UTC |

Live-Hack-CVE/CVE-2015-8660 The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:27 +0000 UTC Push: 2023-02-13 10:26:29 +0000 UTC |

Live-Hack-CVE/CVE-2015-7713 OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:23 +0000 UTC Push: 2023-02-13 10:26:25 +0000 UTC |

Live-Hack-CVE/CVE-2015-8745 QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. CVE project by @Sn0wAlice Create: 2023-02-13 10:26:19 +0000 UTC Push: 2023-02-13 10:26:22 +0000 UTC |

Live-Hack-CVE/CVE-2015-8970 crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not sup CVE project by @Sn0wAlice Create: 2023-02-13 10:26:15 +0000 UTC Push: 2023-02-13 10:26:18 +0000 UTC |

kljunowsky/CVE-2022-44268 CVE-2022-44268 ImageMagick Arbitrary File Read - Proof of Concept exploit Create: 2023-02-13 10:00:51 +0000 UTC Push: 2023-02-13 10:00:52 +0000 UTC |

ireshchaminda1/Android-Privilege-Escalation-Remote-Access-Vulnerability-CVE-2015-1805 AndroRAT is a capability that can be used to inject a root exploit as a silent installation to perform a malicious task on the device. This AndroRAT is designed to exploit CVE-2015-1805, a vulnerability that was discovered and made public in 2016. Create: 2023-02-13 07:00:18 +0000 UTC Push: 2023-02-13 07:00:18 +0000 UTC |

Live-Hack-CVE/CVE-2012-0039 ** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash tab CVE project by @Sn0wAlice Create: 2023-02-13 06:00:34 +0000 UTC Push: 2023-02-13 06:00:36 +0000 UTC |

Live-Hack-CVE/CVE-2013-0346 ** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information." CVE project by @Sn0wAlice Create: 2023-02-13 06:00:31 +0000 UTC Push: 2023-02-13 06:00:33 +0000 UTC |

Live-Hack-CVE/CVE-2012-2658 ** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate CVE project by @Sn0wAlice Create: 2023-02-13 06:00:27 +0000 UTC Push: 2023-02-13 06:00:29 +0000 UTC |

Live-Hack-CVE/CVE-2011-2906 ** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrough function in drivers/scsi/pmcraid.c in the Linux kernel before 3.1 might allow local users to cause a denial of service (memory consumption or memory corruption) via a negative size value in an ioctl call. NOTE: this may be a vulnerability only in CVE project by @Sn0wAlice Create: 2023-02-13 06:00:24 +0000 UTC Push: 2023-02-13 06:00:26 +0000 UTC |