Live-Hack-CVE/CVE-2017-12099 An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacke CVE project by @Sn0wAlice Create: 2023-02-03 05:39:45 +0000 UTC Push: 2023-02-03 05:39:48 +0000 UTC |

Live-Hack-CVE/CVE-2017-12102 An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convi CVE project by @Sn0wAlice Create: 2023-02-03 05:39:41 +0000 UTC Push: 2023-02-03 05:39:44 +0000 UTC |

Live-Hack-CVE/CVE-2017-12100 An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can co CVE project by @Sn0wAlice Create: 2023-02-03 05:39:38 +0000 UTC Push: 2023-02-03 05:39:40 +0000 UTC |

Live-Hack-CVE/CVE-2017-12101 An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An att CVE project by @Sn0wAlice Create: 2023-02-03 05:39:34 +0000 UTC Push: 2023-02-03 05:39:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-41026 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer ove CVE project by @Sn0wAlice Create: 2023-02-03 03:29:34 +0000 UTC Push: 2023-02-03 03:29:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-41025 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer ove CVE project by @Sn0wAlice Create: 2023-02-03 03:29:30 +0000 UTC Push: 2023-02-03 03:29:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-41024 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer ove CVE project by @Sn0wAlice Create: 2023-02-03 03:29:26 +0000 UTC Push: 2023-02-03 03:29:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-41023 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer ove CVE project by @Sn0wAlice Create: 2023-02-03 03:29:22 +0000 UTC Push: 2023-02-03 03:29:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-41022 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer ove CVE project by @Sn0wAlice Create: 2023-02-03 03:29:18 +0000 UTC Push: 2023-02-03 03:29:21 +0000 UTC |

Live-Hack-CVE/CVE-2022-41021 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer ove CVE project by @Sn0wAlice Create: 2023-02-03 03:29:13 +0000 UTC Push: 2023-02-03 03:29:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-41020 Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer ove CVE project by @Sn0wAlice Create: 2023-02-03 03:29:09 +0000 UTC Push: 2023-02-03 03:29:12 +0000 UTC |

Live-Hack-CVE/CVE-2017-9614 ** DISPUTED ** The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code ca CVE project by @Sn0wAlice Create: 2023-02-03 03:28:59 +0000 UTC Push: 2023-02-03 03:29:02 +0000 UTC |

Live-Hack-CVE/CVE-2019-10153 A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM i CVE project by @Sn0wAlice Create: 2023-02-03 03:28:50 +0000 UTC Push: 2023-02-03 03:28:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-1289 A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. CVE project by @Sn0wAlice Create: 2023-02-03 03:28:46 +0000 UTC Push: 2023-02-03 03:28:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-23128 ** DISPUTED ** Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid. CVE project by @Sn0wAlice Create: 2023-02-03 02:23:35 +0000 UTC Push: 2023-02-03 02:23:37 +0000 UTC |

Live-Hack-CVE/CVE-2023-23127 ** DISPUTED ** In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting. CVE project by @Sn0wAlice Create: 2023-02-03 02:23:31 +0000 UTC Push: 2023-02-03 02:23:33 +0000 UTC |

Live-Hack-CVE/CVE-2023-0651 A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is t CVE project by @Sn0wAlice Create: 2023-02-03 02:23:27 +0000 UTC Push: 2023-02-03 02:23:29 +0000 UTC |

Live-Hack-CVE/CVE-2023-0650 A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to CVE project by @Sn0wAlice Create: 2023-02-03 02:23:24 +0000 UTC Push: 2023-02-03 02:23:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-24445 Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. CVE project by @Sn0wAlice Create: 2023-02-03 02:23:20 +0000 UTC Push: 2023-02-03 02:23:22 +0000 UTC |

Live-Hack-CVE/CVE-2018-25078 man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) CVE project by @Sn0wAlice Create: 2023-02-03 02:23:16 +0000 UTC Push: 2023-02-03 02:23:18 +0000 UTC |