unSafe.sh - Insecure
Live-Hack-CVE/CVE-2019-20485
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:29 +0000 UTC Push: 2023-02-04 01:42:32 +0000 UTC
Live-Hack-CVE/CVE-2020-5267
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:23 +0000 UTC Push: 2023-02-04 01:42:25 +0000 UTC
Live-Hack-CVE/CVE-2019-15654
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cle CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:19 +0000 UTC Push: 2023-02-04 01:42:22 +0000 UTC
Live-Hack-CVE/CVE-2020-1878
Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3), versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some informat CVE project by @Sn0wAlice
Create: 2023-02-04 01:42:15 +0000 UTC Push: 2023-02-04 01:42:17 +0000 UTC
Live-Hack-CVE/CVE-2021-24467
The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request Forgery attack. This could lead to Cross-Site Scripting issues by either changing the URL of the JavaScript library being u CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:34 +0000 UTC Push: 2023-02-03 23:30:36 +0000 UTC
Live-Hack-CVE/CVE-2018-14622
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to c CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:28 +0000 UTC Push: 2023-02-03 23:30:31 +0000 UTC
Live-Hack-CVE/CVE-2018-16869
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this flaw to extract plaintext or in some cases downgrade any TLS conne CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:23 +0000 UTC Push: 2023-02-03 23:30:25 +0000 UTC
Live-Hack-CVE/CVE-2019-10129
A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CV CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:19 +0000 UTC Push: 2023-02-03 23:30:22 +0000 UTC
Live-Hack-CVE/CVE-2019-10163
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected b CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:15 +0000 UTC Push: 2023-02-03 23:30:18 +0000 UTC
Live-Hack-CVE/CVE-2019-7003
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupp CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:11 +0000 UTC Push: 2023-02-03 23:30:13 +0000 UTC
Live-Hack-CVE/CVE-2021-21781
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:07 +0000 UTC Push: 2023-02-03 23:30:10 +0000 UTC
Live-Hack-CVE/CVE-2019-4210
IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986. CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:03 +0000 UTC Push: 2023-02-03 23:30:05 +0000 UTC
Live-Hack-CVE/CVE-2019-7307
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the user's ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:59 +0000 UTC Push: 2023-02-03 23:30:02 +0000 UTC
Live-Hack-CVE/CVE-2020-15803
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:55 +0000 UTC Push: 2023-02-03 23:29:58 +0000 UTC
Live-Hack-CVE/CVE-2023-24425
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:52 +0000 UTC Push: 2023-02-03 23:29:54 +0000 UTC
Live-Hack-CVE/CVE-2023-24426
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:48 +0000 UTC Push: 2023-02-03 23:29:50 +0000 UTC
Live-Hack-CVE/CVE-2019-4207
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:42 +0000 UTC Push: 2023-02-03 23:29:44 +0000 UTC
Live-Hack-CVE/CVE-2019-4238
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:38 +0000 UTC Push: 2023-02-03 23:29:41 +0000 UTC
Live-Hack-CVE/CVE-2019-4220
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:34 +0000 UTC Push: 2023-02-03 23:29:37 +0000 UTC
Live-Hack-CVE/CVE-2019-4208
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:31 +0000 UTC Push: 2023-02-03 23:29:33 +0000 UTC