jnschaeffer/cve-2022-44268-detector Detect images that likely exploit CVE-2022-44268 Create: 2023-02-04 09:35:08 +0000 UTC Push: 2023-02-04 09:35:09 +0000 UTC |

Live-Hack-CVE/CVE-2020-10883 This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the f CVE project by @Sn0wAlice Create: 2023-02-04 09:29:16 +0000 UTC Push: 2023-02-04 09:29:19 +0000 UTC |

Live-Hack-CVE/CVE-2020-10882 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by defau CVE project by @Sn0wAlice Create: 2023-02-04 09:29:12 +0000 UTC Push: 2023-02-04 09:29:14 +0000 UTC |

Live-Hack-CVE/CVE-2020-6806 By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR CVE project by @Sn0wAlice Create: 2023-02-04 09:29:08 +0000 UTC Push: 2023-02-04 09:29:10 +0000 UTC |

Live-Hack-CVE/CVE-2019-4309 IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. CVE project by @Sn0wAlice Create: 2023-02-04 09:29:04 +0000 UTC Push: 2023-02-04 09:29:07 +0000 UTC |

Live-Hack-CVE/CVE-2019-3721 Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges to cause the application to compress each of the requested bytes, resulting in a crash due to excessive CVE project by @Sn0wAlice Create: 2023-02-04 09:29:01 +0000 UTC Push: 2023-02-04 09:29:03 +0000 UTC |

Live-Hack-CVE/CVE-2019-13725 Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:57 +0000 UTC Push: 2023-02-04 09:29:00 +0000 UTC |

Live-Hack-CVE/CVE-2019-18422 An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing process CVE project by @Sn0wAlice Create: 2023-02-04 09:28:54 +0000 UTC Push: 2023-02-04 09:28:56 +0000 UTC |

Live-Hack-CVE/CVE-2021-45868 In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:48 +0000 UTC Push: 2023-02-04 09:28:51 +0000 UTC |

Live-Hack-CVE/CVE-2019-13750 Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:44 +0000 UTC Push: 2023-02-04 09:28:47 +0000 UTC |

Live-Hack-CVE/CVE-2019-13754 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:41 +0000 UTC Push: 2023-02-04 09:28:43 +0000 UTC |

Live-Hack-CVE/CVE-2021-24374 The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leake CVE project by @Sn0wAlice Create: 2023-02-04 09:28:37 +0000 UTC Push: 2023-02-04 09:28:39 +0000 UTC |

Live-Hack-CVE/CVE-2019-13749 Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:33 +0000 UTC Push: 2023-02-04 09:28:36 +0000 UTC |

Live-Hack-CVE/CVE-2019-10440 Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:30 +0000 UTC Push: 2023-02-04 09:28:32 +0000 UTC |

Live-Hack-CVE/CVE-2019-10443 Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:26 +0000 UTC Push: 2023-02-04 09:28:29 +0000 UTC |

Live-Hack-CVE/CVE-2023-24806 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:23 +0000 UTC Push: 2023-02-04 09:28:25 +0000 UTC |

Live-Hack-CVE/CVE-2013-10018 A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the pat CVE project by @Sn0wAlice Create: 2023-02-04 09:28:19 +0000 UTC Push: 2023-02-04 09:28:22 +0000 UTC |

Live-Hack-CVE/CVE-2013-10017 A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a pa CVE project by @Sn0wAlice Create: 2023-02-04 09:28:16 +0000 UTC Push: 2023-02-04 09:28:18 +0000 UTC |

Live-Hack-CVE/CVE-2022-28711 A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:12 +0000 UTC Push: 2023-02-04 09:28:15 +0000 UTC |

Live-Hack-CVE/CVE-2019-15015 In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. CVE project by @Sn0wAlice Create: 2023-02-04 09:28:09 +0000 UTC Push: 2023-02-04 09:28:11 +0000 UTC |