Live-Hack-CVE/CVE-2020-11958 re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:12 +0000 UTC Push: 2023-01-28 03:29:14 +0000 UTC |

Live-Hack-CVE/CVE-2020-1983 A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:08 +0000 UTC Push: 2023-01-28 03:29:10 +0000 UTC |

Live-Hack-CVE/CVE-2020-12267 setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:04 +0000 UTC Push: 2023-01-28 03:29:07 +0000 UTC |

Live-Hack-CVE/CVE-2020-12767 exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:00 +0000 UTC Push: 2023-01-28 03:29:03 +0000 UTC |

Live-Hack-CVE/CVE-2020-12823 OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:56 +0000 UTC Push: 2023-01-28 03:28:58 +0000 UTC |

Live-Hack-CVE/CVE-2018-6693 An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbi CVE project by @Sn0wAlice Create: 2023-01-28 03:28:52 +0000 UTC Push: 2023-01-28 03:28:55 +0000 UTC |

Live-Hack-CVE/CVE-2020-13112 An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:49 +0000 UTC Push: 2023-01-28 03:28:51 +0000 UTC |

Live-Hack-CVE/CVE-2020-11017 In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:45 +0000 UTC Push: 2023-01-28 03:28:47 +0000 UTC |

Live-Hack-CVE/CVE-2020-11018 In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:41 +0000 UTC Push: 2023-01-28 03:28:44 +0000 UTC |

Live-Hack-CVE/CVE-2020-11019 In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:38 +0000 UTC Push: 2023-01-28 03:28:40 +0000 UTC |

Live-Hack-CVE/CVE-2020-13775 ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:34 +0000 UTC Push: 2023-01-28 03:28:36 +0000 UTC |

Live-Hack-CVE/CVE-2020-7115 The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and high CVE project by @Sn0wAlice Create: 2023-01-28 03:28:30 +0000 UTC Push: 2023-01-28 03:28:33 +0000 UTC |

Live-Hack-CVE/CVE-2020-10702 A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the sig CVE project by @Sn0wAlice Create: 2023-01-28 03:28:27 +0000 UTC Push: 2023-01-28 03:28:29 +0000 UTC |

Live-Hack-CVE/CVE-2020-4046 In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patch CVE project by @Sn0wAlice Create: 2023-01-28 03:28:23 +0000 UTC Push: 2023-01-28 03:28:25 +0000 UTC |

Live-Hack-CVE/CVE-2018-6690 Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:19 +0000 UTC Push: 2023-01-28 03:28:22 +0000 UTC |

Live-Hack-CVE/CVE-2020-13999 ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:15 +0000 UTC Push: 2023-01-28 03:28:18 +0000 UTC |

Live-Hack-CVE/CVE-2018-6689 Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:12 +0000 UTC Push: 2023-01-28 03:28:14 +0000 UTC |

Live-Hack-CVE/CVE-2018-6700 DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:08 +0000 UTC Push: 2023-01-28 03:28:10 +0000 UTC |

Live-Hack-CVE/CVE-2018-6703 Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:05 +0000 UTC Push: 2023-01-28 03:28:07 +0000 UTC |

Live-Hack-CVE/CVE-2020-14148 The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. CVE project by @Sn0wAlice Create: 2023-01-28 03:28:01 +0000 UTC Push: 2023-01-28 03:28:03 +0000 UTC |