unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2020-36403
HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). CVE project by @Sn0wAlice
Create: 2023-02-04 03:53:56 +0000 UTC Push: 2023-02-04 03:53:58 +0000 UTC
Live-Hack-CVE/CVE-2019-4067
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 157012. CVE project by @Sn0wAlice
Create: 2023-02-04 03:53:51 +0000 UTC Push: 2023-02-04 03:53:53 +0000 UTC
Live-Hack-CVE/CVE-2020-13300
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. CVE project by @Sn0wAlice
Create: 2023-02-04 03:53:46 +0000 UTC Push: 2023-02-04 03:53:49 +0000 UTC
Live-Hack-CVE/CVE-2020-26732
SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. CVE project by @Sn0wAlice
Create: 2023-02-04 03:53:43 +0000 UTC Push: 2023-02-04 03:53:45 +0000 UTC
Live-Hack-CVE/CVE-2021-28116
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. CVE project by @Sn0wAlice
Create: 2023-02-04 03:53:39 +0000 UTC Push: 2023-02-04 03:53:41 +0000 UTC
Live-Hack-CVE/CVE-2019-4063
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008. CVE project by @Sn0wAlice
Create: 2023-02-04 03:53:35 +0000 UTC Push: 2023-02-04 03:53:37 +0000 UTC
Live-Hack-CVE/CVE-2019-4052
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544. CVE project by @Sn0wAlice
Create: 2023-02-04 03:53:31 +0000 UTC Push: 2023-02-04 03:53:33 +0000 UTC
Live-Hack-CVE/CVE-2019-4080
IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 is vulnerable to a potential denial of service, caused by improper parameter parsing. A remote attacker could exploit this to consume all available CPU resources. IBM X-Force ID: 157380. CVE project by @Sn0wAlice
Create: 2023-02-04 03:53:27 +0000 UTC Push: 2023-02-04 03:53:30 +0000 UTC
agathanon/cve-2022-44268
Create: 2023-02-04 03:02:27 +0000 UTC Push: 2023-02-04 04:39:51 +0000 UTC
agathanon/cve-2023-44268
Create: 2023-02-04 02:24:45 +0000 UTC Push: 2023-02-04 02:55:16 +0000 UTC
Live-Hack-CVE/CVE-2023-24138
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. CVE project by @Sn0wAlice
Create: 2023-02-04 01:43:00 +0000 UTC Push: 2023-02-04 01:43:02 +0000 UTC
Live-Hack-CVE/CVE-2022-34138
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:56 +0000 UTC Push: 2023-02-04 01:42:59 +0000 UTC
Live-Hack-CVE/CVE-2020-0305
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-153467744. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:53 +0000 UTC Push: 2023-02-04 01:42:55 +0000 UTC
Live-Hack-CVE/CVE-2020-16118
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:49 +0000 UTC Push: 2023-02-04 01:42:51 +0000 UTC
Live-Hack-CVE/CVE-2020-14347
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:42 +0000 UTC Push: 2023-02-04 01:42:44 +0000 UTC
Live-Hack-CVE/CVE-2022-40998
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer ove CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:38 +0000 UTC Push: 2023-02-04 01:42:40 +0000 UTC
Live-Hack-CVE/CVE-2020-10675
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:34 +0000 UTC Push: 2023-02-04 01:42:36 +0000 UTC
Live-Hack-CVE/CVE-2019-20485
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:29 +0000 UTC Push: 2023-02-04 01:42:32 +0000 UTC
Live-Hack-CVE/CVE-2020-5267
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:23 +0000 UTC Push: 2023-02-04 01:42:25 +0000 UTC
Live-Hack-CVE/CVE-2019-15654
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cle CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:19 +0000 UTC Push: 2023-02-04 01:42:22 +0000 UTC