YusinoMy/CVE-2023-23752 Joomla! 未授权访问漏洞 Create: 2023-02-18 11:36:54 +0000 UTC Push: 2023-02-18 11:36:58 +0000 UTC |

Live-Hack-CVE/CVE-2021-32846 HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to `VTSOCK_MAXSEGS`, but that check is not sufficien CVE project by @Sn0wAlice Create: 2023-02-18 09:36:41 +0000 UTC Push: 2023-02-18 09:36:43 +0000 UTC |

Live-Hack-CVE/CVE-2021-32845 HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (in CVE project by @Sn0wAlice Create: 2023-02-18 09:36:38 +0000 UTC Push: 2023-02-18 09:36:40 +0000 UTC |

Live-Hack-CVE/CVE-2021-32844 HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, ` vi_pci_write` has is a call to `vc_cfgwrite` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. T CVE project by @Sn0wAlice Create: 2023-02-18 09:36:34 +0000 UTC Push: 2023-02-18 09:36:37 +0000 UTC |

Live-Hack-CVE/CVE-2021-32843 HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has is a call to `vc_cfgread` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This is CVE project by @Sn0wAlice Create: 2023-02-18 09:36:31 +0000 UTC Push: 2023-02-18 09:36:33 +0000 UTC |

Live-Hack-CVE/CVE-2023-21593 Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interacti CVE project by @Sn0wAlice Create: 2023-02-18 07:23:23 +0000 UTC Push: 2023-02-18 07:23:26 +0000 UTC |

Live-Hack-CVE/CVE-2023-23064 TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. CVE project by @Sn0wAlice Create: 2023-02-18 07:23:20 +0000 UTC Push: 2023-02-18 07:23:22 +0000 UTC |

Live-Hack-CVE/CVE-2023-22246 Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice Create: 2023-02-18 07:23:16 +0000 UTC Push: 2023-02-18 07:23:19 +0000 UTC |

Live-Hack-CVE/CVE-2023-21584 FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a CVE project by @Sn0wAlice Create: 2023-02-18 07:23:13 +0000 UTC Push: 2023-02-18 07:23:15 +0000 UTC |

Live-Hack-CVE/CVE-2023-22244 Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice Create: 2023-02-18 07:23:10 +0000 UTC Push: 2023-02-18 07:23:12 +0000 UTC |

Live-Hack-CVE/CVE-2023-21583 Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a vict CVE project by @Sn0wAlice Create: 2023-02-18 07:23:06 +0000 UTC Push: 2023-02-18 07:23:08 +0000 UTC |

Live-Hack-CVE/CVE-2023-22243 Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice Create: 2023-02-18 07:23:03 +0000 UTC Push: 2023-02-18 07:23:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-21577 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must o CVE project by @Sn0wAlice Create: 2023-02-18 07:23:00 +0000 UTC Push: 2023-02-18 07:23:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-22239 After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice Create: 2023-02-18 07:22:56 +0000 UTC Push: 2023-02-18 07:22:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-21576 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice Create: 2023-02-18 07:22:53 +0000 UTC Push: 2023-02-18 07:22:55 +0000 UTC |

Live-Hack-CVE/CVE-2023-22238 After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice Create: 2023-02-18 07:22:49 +0000 UTC Push: 2023-02-18 07:22:52 +0000 UTC |

Live-Hack-CVE/CVE-2023-21575 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice Create: 2023-02-18 07:22:46 +0000 UTC Push: 2023-02-18 07:22:48 +0000 UTC |

Live-Hack-CVE/CVE-2023-21574 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice Create: 2023-02-18 07:22:43 +0000 UTC Push: 2023-02-18 07:22:45 +0000 UTC |

Live-Hack-CVE/CVE-2023-22237 After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. CVE project by @Sn0wAlice Create: 2023-02-18 07:22:39 +0000 UTC Push: 2023-02-18 07:22:41 +0000 UTC |

Live-Hack-CVE/CVE-2023-0482 In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. CVE project by @Sn0wAlice Create: 2023-02-18 07:22:36 +0000 UTC Push: 2023-02-18 07:22:38 +0000 UTC |