Live-Hack-CVE/CVE-2022-42280 NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:36 +0000 UTC Push: 2023-01-13 14:14:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-42279 NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:32 +0000 UTC Push: 2023-01-13 14:14:35 +0000 UTC |

Live-Hack-CVE/CVE-2022-42278 NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:28 +0000 UTC Push: 2023-01-13 14:14:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-42277 NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:24 +0000 UTC Push: 2023-01-13 14:14:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-42276 NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:20 +0000 UTC Push: 2023-01-13 14:14:23 +0000 UTC |

Live-Hack-CVE/CVE-2023-23559 In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:16 +0000 UTC Push: 2023-01-13 14:14:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-48258 In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:12 +0000 UTC Push: 2023-01-13 14:14:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-48257 In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:08 +0000 UTC Push: 2023-01-13 14:14:11 +0000 UTC |

Live-Hack-CVE/CVE-2022-48256 Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:04 +0000 UTC Push: 2023-01-13 14:14:07 +0000 UTC |

Live-Hack-CVE/CVE-2022-46478 The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data. CVE project by @Sn0wAlice Create: 2023-01-13 14:14:00 +0000 UTC Push: 2023-01-13 14:14:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-46471 Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:57 +0000 UTC Push: 2023-01-13 14:13:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-42275 NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:53 +0000 UTC Push: 2023-01-13 14:13:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-42274 NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:49 +0000 UTC Push: 2023-01-13 14:13:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-3161 The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:45 +0000 UTC Push: 2023-01-13 14:13:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-3160 The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:42 +0000 UTC Push: 2023-01-13 14:13:44 +0000 UTC |

Live-Hack-CVE/CVE-2022-3159 The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:38 +0000 UTC Push: 2023-01-13 14:13:40 +0000 UTC |

Live-Hack-CVE/CVE-2023-0237 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:34 +0000 UTC Push: 2023-01-13 14:13:36 +0000 UTC |

Live-Hack-CVE/CVE-2023-0235 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:30 +0000 UTC Push: 2023-01-13 14:13:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-21191 Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. CVE project by @Sn0wAlice Create: 2023-01-13 14:13:26 +0000 UTC Push: 2023-01-13 14:13:28 +0000 UTC |

Anthonyc3rb3ru5/CVE-2022-46169 Exploit to CVE-2022-46169 vulnerability Create: 2023-01-13 13:37:56 +0000 UTC Push: 2023-01-13 13:37:56 +0000 UTC |