Live-Hack-CVE/CVE-2023-0607 Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:41 +0000 UTC Push: 2023-02-01 15:02:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-4062 A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) CVE project by @Sn0wAlice Create: 2023-02-01 15:02:37 +0000 UTC Push: 2023-02-01 15:02:40 +0000 UTC |

Live-Hack-CVE/CVE-2022-42970 A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 CVE project by @Sn0wAlice Create: 2023-02-01 15:02:33 +0000 UTC Push: 2023-02-01 15:02:36 +0000 UTC |

Live-Hack-CVE/CVE-2022-2329 A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.2 CVE project by @Sn0wAlice Create: 2023-02-01 15:02:30 +0000 UTC Push: 2023-02-01 15:02:32 +0000 UTC |

Live-Hack-CVE/CVE-2022-42971 A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UP CVE project by @Sn0wAlice Create: 2023-02-01 15:02:25 +0000 UTC Push: 2023-02-01 15:02:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-42972 A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5 CVE project by @Sn0wAlice Create: 2023-02-01 15:02:22 +0000 UTC Push: 2023-02-01 15:02:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-24324 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073) CVE project by @Sn0wAlice Create: 2023-02-01 15:02:18 +0000 UTC Push: 2023-02-01 15:02:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-45101 Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:14 +0000 UTC Push: 2023-02-01 15:02:17 +0000 UTC |

Live-Hack-CVE/CVE-2022-45097 Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:11 +0000 UTC Push: 2023-02-01 15:02:13 +0000 UTC |

Live-Hack-CVE/CVE-2022-45096 Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:07 +0000 UTC Push: 2023-02-01 15:02:09 +0000 UTC |

Live-Hack-CVE/CVE-2022-45095 Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data CVE project by @Sn0wAlice Create: 2023-02-01 15:02:04 +0000 UTC Push: 2023-02-01 15:02:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-34459 Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution. CVE project by @Sn0wAlice Create: 2023-02-01 15:02:00 +0000 UTC Push: 2023-02-01 15:02:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-34443 Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges. CVE project by @Sn0wAlice Create: 2023-02-01 15:01:56 +0000 UTC Push: 2023-02-01 15:01:59 +0000 UTC |

Live-Hack-CVE/CVE-2022-34458 Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential CVE project by @Sn0wAlice Create: 2023-02-01 15:01:53 +0000 UTC Push: 2023-02-01 15:01:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-25916 Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function. CVE project by @Sn0wAlice Create: 2023-02-01 15:01:49 +0000 UTC Push: 2023-02-01 15:01:52 +0000 UTC |

Live-Hack-CVE/CVE-2022-34400 Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. CVE project by @Sn0wAlice Create: 2023-02-01 15:01:46 +0000 UTC Push: 2023-02-01 15:01:48 +0000 UTC |

Live-Hack-CVE/CVE-2022-25906 All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. CVE project by @Sn0wAlice Create: 2023-02-01 15:01:42 +0000 UTC Push: 2023-02-01 15:01:44 +0000 UTC |

masahiro331/cve-2022-25927 Create: 2023-02-01 12:16:47 +0000 UTC Push: 2023-02-01 12:16:47 +0000 UTC |

Cedric1314/CVE-2022-47872 Create: 2023-02-01 10:34:19 +0000 UTC Push: 2023-02-01 10:34:19 +0000 UTC |

Live-Hack-CVE/CVE-2020-21532 fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. CVE project by @Sn0wAlice Create: 2023-02-01 09:26:00 +0000 UTC Push: 2023-02-01 09:26:03 +0000 UTC |