unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2022-45639
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. CVE project by @Sn0wAlice
Create: 2023-01-24 14:40:13 +0000 UTC Push: 2023-01-24 14:40:16 +0000 UTC
Live-Hack-CVE/CVE-2020-24370
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). CVE project by @Sn0wAlice
Create: 2023-01-24 14:40:10 +0000 UTC Push: 2023-01-24 14:40:12 +0000 UTC
Live-Hack-CVE/CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replica CVE project by @Sn0wAlice
Create: 2023-01-24 14:40:06 +0000 UTC Push: 2023-01-24 14:40:08 +0000 UTC
Live-Hack-CVE/CVE-2020-14350
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions CVE project by @Sn0wAlice
Create: 2023-01-24 14:40:02 +0000 UTC Push: 2023-01-24 14:40:05 +0000 UTC
Live-Hack-CVE/CVE-2020-17353
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. CVE project by @Sn0wAlice
Create: 2023-01-24 14:39:59 +0000 UTC Push: 2023-01-24 14:40:01 +0000 UTC
Live-Hack-CVE/CVE-2020-15701
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27 CVE project by @Sn0wAlice
Create: 2023-01-24 14:39:56 +0000 UTC Push: 2023-01-24 14:39:58 +0000 UTC
Live-Hack-CVE/CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. CVE project by @Sn0wAlice
Create: 2023-01-24 14:39:52 +0000 UTC Push: 2023-01-24 14:39:54 +0000 UTC
Live-Hack-CVE/CVE-2013-0899
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds CVE project by @Sn0wAlice
Create: 2023-01-24 14:39:48 +0000 UTC Push: 2023-01-24 14:39:51 +0000 UTC
Live-Hack-CVE/CVE-2020-15645
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the CVE project by @Sn0wAlice
Create: 2023-01-24 14:39:45 +0000 UTC Push: 2023-01-24 14:39:47 +0000 UTC
Live-Hack-CVE/CVE-2020-8026
An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. This issue affects: openSUSE Leap 15.2 inn version 2.6.2-lp152.1.26 and prior versions. openSUSE CVE project by @Sn0wAlice
Create: 2023-01-24 14:39:42 +0000 UTC Push: 2023-01-24 14:39:44 +0000 UTC
Live-Hack-CVE/CVE-2020-15643
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTT CVE project by @Sn0wAlice
Create: 2023-01-24 14:39:38 +0000 UTC Push: 2023-01-24 14:39:39 +0000 UTC
Live-Hack-CVE/CVE-2023-22484
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.g CVE project by @Sn0wAlice
Create: 2023-01-24 10:08:43 +0000 UTC Push: 2023-01-24 10:08:46 +0000 UTC
Live-Hack-CVE/CVE-2023-22483
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gf CVE project by @Sn0wAlice
Create: 2023-01-24 10:08:40 +0000 UTC Push: 2023-01-24 10:08:42 +0000 UTC
Live-Hack-CVE/CVE-2023-21796
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795. CVE project by @Sn0wAlice
Create: 2023-01-24 10:08:36 +0000 UTC Push: 2023-01-24 10:08:38 +0000 UTC
Live-Hack-CVE/CVE-2023-21795
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796. CVE project by @Sn0wAlice
Create: 2023-01-24 10:08:32 +0000 UTC Push: 2023-01-24 10:08:33 +0000 UTC
Live-Hack-CVE/CVE-2023-21775
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-24 10:08:29 +0000 UTC Push: 2023-01-24 10:08:31 +0000 UTC
Live-Hack-CVE/CVE-2023-21719
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. CVE project by @Sn0wAlice
Create: 2023-01-24 10:08:25 +0000 UTC Push: 2023-01-24 10:08:27 +0000 UTC
Live-Hack-CVE/CVE-2023-23560
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. CVE project by @Sn0wAlice
Create: 2023-01-24 07:58:02 +0000 UTC Push: 2023-01-24 07:58:04 +0000 UTC
Live-Hack-CVE/CVE-2023-22960
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. CVE project by @Sn0wAlice
Create: 2023-01-24 07:57:58 +0000 UTC Push: 2023-01-24 07:58:00 +0000 UTC
Live-Hack-CVE/CVE-2023-22630
IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI. CVE project by @Sn0wAlice
Create: 2023-01-24 07:57:54 +0000 UTC Push: 2023-01-24 07:57:57 +0000 UTC