unSafe.sh - Insecure
Live-Hack-CVE/CVE-2019-16091
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:37 +0000 UTC Push: 2023-02-04 08:20:39 +0000 UTC |
Live-Hack-CVE/CVE-2023-23615
Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embedda CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:33 +0000 UTC Push: 2023-02-04 08:20:35 +0000 UTC |
Live-Hack-CVE/CVE-2023-23082
A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:30 +0000 UTC Push: 2023-02-04 08:20:32 +0000 UTC |
Live-Hack-CVE/CVE-2023-22746
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shar CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:26 +0000 UTC Push: 2023-02-04 08:20:28 +0000 UTC |
Live-Hack-CVE/CVE-2022-24895
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login, but preserves the rest of the session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers t CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:23 +0000 UTC Push: 2023-02-04 08:20:25 +0000 UTC |
Live-Hack-CVE/CVE-2022-24894
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:19 +0000 UTC Push: 2023-02-04 08:20:22 +0000 UTC |
Live-Hack-CVE/CVE-2022-23498
Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can d CVE project by @Sn0wAlice
Create: 2023-02-04 08:20:16 +0000 UTC Push: 2023-02-04 08:20:18 +0000 UTC |
Live-Hack-CVE/CVE-2019-4156
IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158572. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:56 +0000 UTC Push: 2023-02-04 06:06:58 +0000 UTC |
Live-Hack-CVE/CVE-2019-4157
IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158573. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:52 +0000 UTC Push: 2023-02-04 06:06:54 +0000 UTC |
Live-Hack-CVE/CVE-2019-4250
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:48 +0000 UTC Push: 2023-02-04 06:06:51 +0000 UTC |
Live-Hack-CVE/CVE-2019-4295
IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker with specialized access to obtain highly sensitive from the credential vault. IBM X-Force ID: 160758. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:45 +0000 UTC Push: 2023-02-04 06:06:47 +0000 UTC |
Live-Hack-CVE/CVE-2019-4269
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console could allow a remote attacker to obtain sensitive information when a specially crafted url causes a stack trace to be dumped. IBM X-Force ID: 160202. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:41 +0000 UTC Push: 2023-02-04 06:06:44 +0000 UTC |
Live-Hack-CVE/CVE-2019-4252
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:38 +0000 UTC Push: 2023-02-04 06:06:40 +0000 UTC |
Live-Hack-CVE/CVE-2019-4296
IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:34 +0000 UTC Push: 2023-02-04 06:06:36 +0000 UTC |
Live-Hack-CVE/CVE-2019-4140
IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:30 +0000 UTC Push: 2023-02-04 06:06:32 +0000 UTC |
Live-Hack-CVE/CVE-2019-4260
IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:26 +0000 UTC Push: 2023-02-04 06:06:28 +0000 UTC |
Live-Hack-CVE/CVE-2019-17342
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:22 +0000 UTC Push: 2023-02-04 06:06:24 +0000 UTC |
Live-Hack-CVE/CVE-2019-17350
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:18 +0000 UTC Push: 2023-02-04 06:06:21 +0000 UTC |
Live-Hack-CVE/CVE-2019-17341
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:14 +0000 UTC Push: 2023-02-04 06:06:16 +0000 UTC |
Live-Hack-CVE/CVE-2019-4263
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015. CVE project by @Sn0wAlice
Create: 2023-02-04 06:06:10 +0000 UTC Push: 2023-02-04 06:06:13 +0000 UTC |