unSafe.sh - Not Safe
Live-Hack-CVE/CVE-2022-43513
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move f CVE project by @Sn0wAlice
Create: 2023-01-10 22:17:15 +0000 UTC Push: 2023-01-10 22:17:19 +0000 UTC |
Live-Hack-CVE/CVE-2022-38773
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-01-10 22:17:10 +0000 UTC Push: 2023-01-10 22:17:12 +0000 UTC |
Live-Hack-CVE/CVE-2023-22903
api/views/user.py in LibrePhotos before e19e539 has incorrect access control. CVE project by @Sn0wAlice
Create: 2023-01-10 20:06:55 +0000 UTC Push: 2023-01-10 20:06:58 +0000 UTC |
Live-Hack-CVE/CVE-2021-46871
tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes. CVE project by @Sn0wAlice
Create: 2023-01-10 20:06:50 +0000 UTC Push: 2023-01-10 20:06:54 +0000 UTC |
Live-Hack-CVE/CVE-2017-20166
Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise. CVE project by @Sn0wAlice
Create: 2023-01-10 20:06:46 +0000 UTC Push: 2023-01-10 20:06:49 +0000 UTC |
Live-Hack-CVE/CVE-2022-48251
** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture." CVE project by @Sn0wAlice
Create: 2023-01-10 20:06:41 +0000 UTC Push: 2023-01-10 20:06:44 +0000 UTC |
Live-Hack-CVE/CVE-2023-22911
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. CVE project by @Sn0wAlice
Create: 2023-01-10 20:06:37 +0000 UTC Push: 2023-01-10 20:06:40 +0000 UTC |
Live-Hack-CVE/CVE-2023-22909
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. CVE project by @Sn0wAlice
Create: 2023-01-10 20:06:32 +0000 UTC Push: 2023-01-10 20:06:35 +0000 UTC |
Live-Hack-CVE/CVE-2022-4429
Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78 CVE project by @Sn0wAlice
Create: 2023-01-10 20:06:27 +0000 UTC Push: 2023-01-10 20:06:30 +0000 UTC |
Live-Hack-CVE/CVE-2022-4294
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. CVE project by @Sn0wAlice
Create: 2023-01-10 20:06:22 +0000 UTC Push: 2023-01-10 20:06:25 +0000 UTC |
Live-Hack-CVE/CVE-2023-0012
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocalAdmin are denied the ability to logon locally by securi CVE project by @Sn0wAlice
Create: 2023-01-10 14:37:23 +0000 UTC Push: 2023-01-10 14:37:26 +0000 UTC |
Live-Hack-CVE/CVE-2023-0013
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause lim CVE project by @Sn0wAlice
Create: 2023-01-10 14:37:18 +0000 UTC Push: 2023-01-10 14:37:21 +0000 UTC |
Live-Hack-CVE/CVE-2022-32657
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042. CVE project by @Sn0wAlice
Create: 2023-01-10 14:37:10 +0000 UTC Push: 2023-01-10 14:37:12 +0000 UTC |
Live-Hack-CVE/CVE-2022-32658
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059. CVE project by @Sn0wAlice
Create: 2023-01-10 14:37:05 +0000 UTC Push: 2023-01-10 14:37:09 +0000 UTC |
Live-Hack-CVE/CVE-2022-32659
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705066; Issue ID: GN20220705066. CVE project by @Sn0wAlice
Create: 2023-01-10 14:37:01 +0000 UTC Push: 2023-01-10 14:37:04 +0000 UTC |
Live-Hack-CVE/CVE-2023-0016
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database. CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:57 +0000 UTC Push: 2023-01-10 14:36:59 +0000 UTC |
Live-Hack-CVE/CVE-2023-0014
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:52 +0000 UTC Push: 2023-01-10 14:36:55 +0000 UTC |
Live-Hack-CVE/CVE-2023-22320
OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability (CWE-22). Furthermore, a crafted URL may be evaluated incorrectly. CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:48 +0000 UTC Push: 2023-01-10 14:36:51 +0000 UTC |
Live-Hack-CVE/CVE-2023-0023
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application. CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:43 +0000 UTC Push: 2023-01-10 14:36:46 +0000 UTC |
Live-Hack-CVE/CVE-2023-0022
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on t CVE project by @Sn0wAlice
Create: 2023-01-10 14:36:39 +0000 UTC Push: 2023-01-10 14:36:42 +0000 UTC |