Live-Hack-CVE/CVE-2020-4788 IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. CVE project by @Sn0wAlice Create: 2023-02-03 23:29:23 +0000 UTC Push: 2023-02-03 23:29:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-0549 A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initia CVE project by @Sn0wAlice Create: 2023-02-03 21:16:28 +0000 UTC Push: 2023-02-03 21:16:30 +0000 UTC |

Live-Hack-CVE/CVE-2023-25139 sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buf CVE project by @Sn0wAlice Create: 2023-02-03 20:07:56 +0000 UTC Push: 2023-02-03 20:07:57 +0000 UTC |

Live-Hack-CVE/CVE-2023-25136 OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not CVE project by @Sn0wAlice Create: 2023-02-03 20:07:52 +0000 UTC Push: 2023-02-03 20:07:54 +0000 UTC |

Live-Hack-CVE/CVE-2022-48074 An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. CVE project by @Sn0wAlice Create: 2023-02-03 20:07:48 +0000 UTC Push: 2023-02-03 20:07:51 +0000 UTC |

Live-Hack-CVE/CVE-2023-23130 ** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. OTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during tr CVE project by @Sn0wAlice Create: 2023-02-03 20:07:44 +0000 UTC Push: 2023-02-03 20:07:47 +0000 UTC |

Live-Hack-CVE/CVE-2023-23126 ** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack. CVE project by @Sn0wAlice Create: 2023-02-03 20:07:40 +0000 UTC Push: 2023-02-03 20:07:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-2327 io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the CVE project by @Sn0wAlice Create: 2023-02-03 20:07:36 +0000 UTC Push: 2023-02-03 20:07:38 +0000 UTC |

Ashifcoder/CVE-2022-44268-automated-poc An information disclosure vulnerability that could be exploited to read arbitrary files from a server when parsing an image in Image Magic. Create: 2023-02-03 19:33:27 +0000 UTC Push: 2023-02-03 19:33:28 +0000 UTC |

SpiralBL0CK/CVE-2022-31144 CVE-2022-31144 dos pt redis, not finished yet or too soon, this can be turned into rce but oh well if you smart enough Create: 2023-02-03 16:40:38 +0000 UTC Push: 2023-02-03 16:40:38 +0000 UTC |

y1nglamore/CVE-2022-44268-ImageMagick-Vulnerable-Docker-Environment The vulnerable recurrence docker environment for CVE-2022-44268 Create: 2023-02-03 16:02:28 +0000 UTC Push: 2023-02-03 16:03:19 +0000 UTC |

Live-Hack-CVE/CVE-2019-5447 A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. CVE project by @Sn0wAlice Create: 2023-02-03 14:37:59 +0000 UTC Push: 2023-02-03 14:38:01 +0000 UTC |

Live-Hack-CVE/CVE-2020-12673 In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. CVE project by @Sn0wAlice Create: 2023-02-03 14:37:54 +0000 UTC Push: 2023-02-03 14:37:57 +0000 UTC |

Live-Hack-CVE/CVE-2020-12674 In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. CVE project by @Sn0wAlice Create: 2023-02-03 14:37:50 +0000 UTC Push: 2023-02-03 14:37:53 +0000 UTC |

Live-Hack-CVE/CVE-2020-14042 ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under act CVE project by @Sn0wAlice Create: 2023-02-03 14:37:47 +0000 UTC Push: 2023-02-03 14:37:49 +0000 UTC |

Live-Hack-CVE/CVE-2019-5454 SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account. CVE project by @Sn0wAlice Create: 2023-02-03 14:37:43 +0000 UTC Push: 2023-02-03 14:37:46 +0000 UTC |

Live-Hack-CVE/CVE-2020-10730 A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This fl CVE project by @Sn0wAlice Create: 2023-02-03 14:37:40 +0000 UTC Push: 2023-02-03 14:37:42 +0000 UTC |

Live-Hack-CVE/CVE-2020-7923 A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc7; v4.2 versions prior to 4.2.8; v4.0 versions prior to CVE project by @Sn0wAlice Create: 2023-02-03 14:37:37 +0000 UTC Push: 2023-02-03 14:37:39 +0000 UTC |

Live-Hack-CVE/CVE-2020-16845 Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. CVE project by @Sn0wAlice Create: 2023-02-03 14:37:33 +0000 UTC Push: 2023-02-03 14:37:35 +0000 UTC |

Live-Hack-CVE/CVE-2020-7576 A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). An authenticated user with the ability to create containers, packages or register defects could perform stored Cross-Site Scripting (XSS) attacks within the v CVE project by @Sn0wAlice Create: 2023-02-03 14:37:30 +0000 UTC Push: 2023-02-03 14:37:32 +0000 UTC |