unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-0797
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVE project by @Sn0wAlice
Create: 2023-02-14 09:52:18 +0000 UTC Push: 2023-02-14 09:52:21 +0000 UTC
Live-Hack-CVE/CVE-2023-0796
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVE project by @Sn0wAlice
Create: 2023-02-14 09:52:15 +0000 UTC Push: 2023-02-14 09:52:17 +0000 UTC
Live-Hack-CVE/CVE-2023-0795
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. CVE project by @Sn0wAlice
Create: 2023-02-14 09:52:11 +0000 UTC Push: 2023-02-14 09:52:14 +0000 UTC
Live-Hack-CVE/CVE-2023-0518
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart. CVE project by @Sn0wAlice
Create: 2023-02-14 09:52:08 +0000 UTC Push: 2023-02-14 09:52:10 +0000 UTC
Live-Hack-CVE/CVE-2022-4138
A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. CVE project by @Sn0wAlice
Create: 2023-02-14 09:52:04 +0000 UTC Push: 2023-02-14 09:52:06 +0000 UTC
Live-Hack-CVE/CVE-2022-3759
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq CVE project by @Sn0wAlice
Create: 2023-02-14 09:52:00 +0000 UTC Push: 2023-02-14 09:52:02 +0000 UTC
Live-Hack-CVE/CVE-2022-3411
A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. CVE project by @Sn0wAlice
Create: 2023-02-14 09:51:55 +0000 UTC Push: 2023-02-14 09:51:58 +0000 UTC
Live-Hack-CVE/CVE-2023-0776
Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been test CVE project by @Sn0wAlice
Create: 2023-02-14 07:42:07 +0000 UTC Push: 2023-02-14 07:42:10 +0000 UTC
Live-Hack-CVE/CVE-2023-25572
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField> CVE project by @Sn0wAlice
Create: 2023-02-14 07:42:03 +0000 UTC Push: 2023-02-14 07:42:05 +0000 UTC
Live-Hack-CVE/CVE-2023-25241
bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:59 +0000 UTC Push: 2023-02-14 07:42:01 +0000 UTC
Live-Hack-CVE/CVE-2023-25240
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:55 +0000 UTC Push: 2023-02-14 07:41:58 +0000 UTC
Live-Hack-CVE/CVE-2023-25162
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:52 +0000 UTC Push: 2023-02-14 07:41:54 +0000 UTC
Live-Hack-CVE/CVE-2023-25161
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1, 24.0.8, and 23.0.12 are missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact wh CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:48 +0000 UTC Push: 2023-02-14 07:41:50 +0000 UTC
Live-Hack-CVE/CVE-2023-25160
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:44 +0000 UTC Push: 2023-02-14 07:41:47 +0000 UTC
Live-Hack-CVE/CVE-2023-24648
Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:40 +0000 UTC Push: 2023-02-14 07:41:43 +0000 UTC
Live-Hack-CVE/CVE-2023-24647
Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:37 +0000 UTC Push: 2023-02-14 07:41:39 +0000 UTC
Live-Hack-CVE/CVE-2023-24646
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:33 +0000 UTC Push: 2023-02-14 07:41:35 +0000 UTC
Live-Hack-CVE/CVE-2023-24086
SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:29 +0000 UTC Push: 2023-02-14 07:41:32 +0000 UTC
Live-Hack-CVE/CVE-2022-4905
A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Up CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:26 +0000 UTC Push: 2023-02-14 07:41:28 +0000 UTC
Live-Hack-CVE/CVE-2023-24084
ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. CVE project by @Sn0wAlice
Create: 2023-02-14 07:41:22 +0000 UTC Push: 2023-02-14 07:41:25 +0000 UTC