Live-Hack-CVE/CVE-2020-16251 HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. CVE project by @Sn0wAlice Create: 2023-02-03 14:37:26 +0000 UTC Push: 2023-02-03 14:37:28 +0000 UTC |

Live-Hack-CVE/CVE-2018-3868 A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. CVE project by @Sn0wAlice Create: 2023-02-03 14:37:21 +0000 UTC Push: 2023-02-03 14:37:23 +0000 UTC |

Live-Hack-CVE/CVE-2018-3876 An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to expl CVE project by @Sn0wAlice Create: 2023-02-03 14:37:17 +0000 UTC Push: 2023-02-03 14:37:19 +0000 UTC |

Live-Hack-CVE/CVE-2023-23120 The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and byp CVE project by @Sn0wAlice Create: 2023-02-03 14:37:11 +0000 UTC Push: 2023-02-03 14:37:13 +0000 UTC |

Live-Hack-CVE/CVE-2023-23119 The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the c CVE project by @Sn0wAlice Create: 2023-02-03 14:37:07 +0000 UTC Push: 2023-02-03 14:37:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-0124 Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. CVE project by @Sn0wAlice Create: 2023-02-03 14:37:03 +0000 UTC Push: 2023-02-03 14:37:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-0123 Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. CVE project by @Sn0wAlice Create: 2023-02-03 14:37:00 +0000 UTC Push: 2023-02-03 14:37:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-4634 All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-02-03 14:36:56 +0000 UTC Push: 2023-02-03 14:36:59 +0000 UTC |

Live-Hack-CVE/CVE-2023-25135 vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL CVE project by @Sn0wAlice Create: 2023-02-03 14:36:50 +0000 UTC Push: 2023-02-03 14:36:52 +0000 UTC |

galoget/ResponsiveFilemanager-CVE-2022-46604 Responsive Filemanager v9.9.5 vulnerable to CVE-2022–46604. Create: 2023-02-03 14:34:46 +0000 UTC Push: 2023-02-03 14:34:46 +0000 UTC |

ohnonoyesyes/CVE-2022-47986 Aspera Faspex Pre Auth RCE Create: 2023-02-03 14:32:13 +0000 UTC Push: 2023-02-03 14:32:13 +0000 UTC |

Live-Hack-CVE/CVE-2023-0634 An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command. CVE project by @Sn0wAlice Create: 2023-02-03 10:06:16 +0000 UTC Push: 2023-02-03 10:06:18 +0000 UTC |

Live-Hack-CVE/CVE-2023-0658 A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 w CVE project by @Sn0wAlice Create: 2023-02-03 10:06:10 +0000 UTC Push: 2023-02-03 10:06:12 +0000 UTC |

Live-Hack-CVE/CVE-2022-38389 IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975. CVE project by @Sn0wAlice Create: 2023-02-03 10:06:06 +0000 UTC Push: 2023-02-03 10:06:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-22486 IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328. CVE project by @Sn0wAlice Create: 2023-02-03 10:06:03 +0000 UTC Push: 2023-02-03 10:06:05 +0000 UTC |

Live-Hack-CVE/CVE-2018-3993 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malic CVE project by @Sn0wAlice Create: 2023-02-03 07:55:56 +0000 UTC Push: 2023-02-03 07:55:58 +0000 UTC |

Live-Hack-CVE/CVE-2018-3995 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious CVE project by @Sn0wAlice Create: 2023-02-03 07:55:53 +0000 UTC Push: 2023-02-03 07:55:55 +0000 UTC |

Live-Hack-CVE/CVE-2018-3994 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malic CVE project by @Sn0wAlice Create: 2023-02-03 07:55:49 +0000 UTC Push: 2023-02-03 07:55:52 +0000 UTC |

Live-Hack-CVE/CVE-2018-3996 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious CVE project by @Sn0wAlice Create: 2023-02-03 07:55:46 +0000 UTC Push: 2023-02-03 07:55:48 +0000 UTC |

Live-Hack-CVE/CVE-2018-3946 An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious f CVE project by @Sn0wAlice Create: 2023-02-03 07:55:42 +0000 UTC Push: 2023-02-03 07:55:44 +0000 UTC |