Live-Hack-CVE/CVE-2011-3344
CVE-2011-3344 Satellite/Spacewalk: XSS on the Lost Password page CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:39 +0000 UTC Push: 2023-02-03 00:10:41 +0000 UTC
Live-Hack-CVE/CVE-2015-3248
It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory. CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:35 +0000 UTC Push: 2023-02-03 00:10:38 +0000 UTC
Live-Hack-CVE/CVE-2016-3693
A flaw was found in the provisioning template handling in foreman. An attacker, with permissions to create templates, can cause internal Rails information to be displayed when it is processed, resulting in potentially sensitive information being disclosed. CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:31 +0000 UTC Push: 2023-02-03 00:10:34 +0000 UTC
Live-Hack-CVE/CVE-2012-3386
It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck". CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:27 +0000 UTC Push: 2023-02-03 00:10:30 +0000 UTC
Live-Hack-CVE/CVE-2017-15097
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:24 +0000 UTC Push: 2023-02-03 00:10:26 +0000 UTC
Live-Hack-CVE/CVE-2015-3247
A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of th CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:20 +0000 UTC Push: 2023-02-03 00:10:22 +0000 UTC
Live-Hack-CVE/CVE-2011-3609
CVE-2011-3609 JBoss AS: CSRF in the administration console & HTTP management API CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:16 +0000 UTC Push: 2023-02-03 00:10:19 +0000 UTC
Live-Hack-CVE/CVE-2016-3107
It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file. CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:12 +0000 UTC Push: 2023-02-03 00:10:15 +0000 UTC
Live-Hack-CVE/CVE-2016-9922
CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:08 +0000 UTC Push: 2023-02-03 00:10:10 +0000 UTC
Live-Hack-CVE/CVE-2017-7488
A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack. CVE project by @Sn0wAlice
Create: 2023-02-03 00:10:03 +0000 UTC Push: 2023-02-03 00:10:06 +0000 UTC
Live-Hack-CVE/CVE-2022-48279
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:57 +0000 UTC Push: 2023-02-03 00:10:00 +0000 UTC
Live-Hack-CVE/CVE-2023-22458
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:52 +0000 UTC Push: 2023-02-03 00:09:55 +0000 UTC
Live-Hack-CVE/CVE-2022-3918
A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF (\r\n) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server, the server may int CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:48 +0000 UTC Push: 2023-02-03 00:09:51 +0000 UTC
Live-Hack-CVE/CVE-2022-35977
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis ver CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:45 +0000 UTC Push: 2023-02-03 00:09:47 +0000 UTC
Live-Hack-CVE/CVE-2018-3962
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:41 +0000 UTC Push: 2023-02-03 00:09:43 +0000 UTC
Live-Hack-CVE/CVE-2019-14892
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. CVE project by @Sn0wAlice
Create: 2023-02-03 00:09:37 +0000 UTC Push: 2023-02-03 00:09:40 +0000 UTC
duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC
Create: 2023-02-02 23:34:28 +0000 UTC Push: 2023-02-02 23:34:29 +0000 UTC
Live-Hack-CVE/CVE-2023-0643
Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. CVE project by @Sn0wAlice
Create: 2023-02-02 21:57:50 +0000 UTC Push: 2023-02-02 21:57:52 +0000 UTC
Live-Hack-CVE/CVE-2023-0642
Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. CVE project by @Sn0wAlice
Create: 2023-02-02 21:57:46 +0000 UTC Push: 2023-02-02 21:57:48 +0000 UTC
Live-Hack-CVE/CVE-2022-46965
PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability. CVE project by @Sn0wAlice
Create: 2023-02-02 21:57:42 +0000 UTC Push: 2023-02-02 21:57:45 +0000 UTC