Live-Hack-CVE/CVE-2022-3990 HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation. CVE project by @Sn0wAlice Create: 2023-02-01 19:23:38 +0000 UTC Push: 2023-02-01 19:23:41 +0000 UTC |

Live-Hack-CVE/CVE-2022-27538 A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. CVE project by @Sn0wAlice Create: 2023-02-01 19:23:35 +0000 UTC Push: 2023-02-01 19:23:37 +0000 UTC |

Live-Hack-CVE/CVE-2022-27537 Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities. CVE project by @Sn0wAlice Create: 2023-02-01 19:23:30 +0000 UTC Push: 2023-02-01 19:23:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-23455 Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. CVE project by @Sn0wAlice Create: 2023-02-01 19:23:26 +0000 UTC Push: 2023-02-01 19:23:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-23454 Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. CVE project by @Sn0wAlice Create: 2023-02-01 19:23:22 +0000 UTC Push: 2023-02-01 19:23:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-23453 Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. CVE project by @Sn0wAlice Create: 2023-02-01 19:23:19 +0000 UTC Push: 2023-02-01 19:23:21 +0000 UTC |

Live-Hack-CVE/CVE-2021-3808 Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. CVE project by @Sn0wAlice Create: 2023-02-01 19:23:14 +0000 UTC Push: 2023-02-01 19:23:17 +0000 UTC |

Live-Hack-CVE/CVE-2021-3809 Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. CVE project by @Sn0wAlice Create: 2023-02-01 19:23:11 +0000 UTC Push: 2023-02-01 19:23:13 +0000 UTC |

Live-Hack-CVE/CVE-2020-14395 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE project by @Sn0wAlice Create: 2023-02-01 19:23:07 +0000 UTC Push: 2023-02-01 19:23:09 +0000 UTC |

Live-Hack-CVE/CVE-2021-3439 HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities. CVE project by @Sn0wAlice Create: 2023-02-01 19:23:03 +0000 UTC Push: 2023-02-01 19:23:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-24977 Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 https://github.com/apache/inlong/pull/7214 to solve it. CVE project by @Sn0wAlice Create: 2023-02-01 19:22:58 +0000 UTC Push: 2023-02-01 19:23:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-0587 A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\Sa CVE project by @Sn0wAlice Create: 2023-02-01 15:03:10 +0000 UTC Push: 2023-02-01 15:03:12 +0000 UTC |

Live-Hack-CVE/CVE-2022-4206 A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report CVE project by @Sn0wAlice Create: 2023-02-01 15:03:06 +0000 UTC Push: 2023-02-01 15:03:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-0454 OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. CVE project by @Sn0wAlice Create: 2023-02-01 15:03:03 +0000 UTC Push: 2023-02-01 15:03:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-23846 Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately un CVE project by @Sn0wAlice Create: 2023-02-01 15:02:59 +0000 UTC Push: 2023-02-01 15:03:02 +0000 UTC |

Live-Hack-CVE/CVE-2023-20856 VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:56 +0000 UTC Push: 2023-02-01 15:02:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-0524 As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several d CVE project by @Sn0wAlice Create: 2023-02-01 15:02:52 +0000 UTC Push: 2023-02-01 15:02:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-42973 A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monito CVE project by @Sn0wAlice Create: 2023-02-01 15:02:49 +0000 UTC Push: 2023-02-01 15:02:50 +0000 UTC |

Live-Hack-CVE/CVE-2021-22786 A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* a CVE project by @Sn0wAlice Create: 2023-02-01 15:02:45 +0000 UTC Push: 2023-02-01 15:02:47 +0000 UTC |

Live-Hack-CVE/CVE-2023-0607 Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:41 +0000 UTC Push: 2023-02-01 15:02:43 +0000 UTC |