unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2019-5609
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP seg CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:38 +0000 UTC Push: 2023-02-01 07:13:40 +0000 UTC
Live-Hack-CVE/CVE-2019-5608
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A re CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:34 +0000 UTC Push: 2023-02-01 07:13:36 +0000 UTC
Live-Hack-CVE/CVE-2019-5610
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of- CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:31 +0000 UTC Push: 2023-02-01 07:13:33 +0000 UTC
Live-Hack-CVE/CVE-2019-5611
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:27 +0000 UTC Push: 2023-02-01 07:13:29 +0000 UTC
Live-Hack-CVE/CVE-2019-5612
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:24 +0000 UTC Push: 2023-02-01 07:13:26 +0000 UTC
Live-Hack-CVE/CVE-2019-9921
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:20 +0000 UTC Push: 2023-02-01 07:13:22 +0000 UTC
Live-Hack-CVE/CVE-2022-45494
Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:16 +0000 UTC Push: 2023-02-01 07:13:19 +0000 UTC
Live-Hack-CVE/CVE-2022-45297
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:13 +0000 UTC Push: 2023-02-01 07:13:15 +0000 UTC
Live-Hack-CVE/CVE-2022-37708
Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container. CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:09 +0000 UTC Push: 2023-02-01 07:13:11 +0000 UTC
Live-Hack-CVE/CVE-2022-32984
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node CVE project by @Sn0wAlice
Create: 2023-02-01 07:13:05 +0000 UTC Push: 2023-02-01 07:13:08 +0000 UTC
Halcy0nic/CVE-2022-41220
Proof of concept for CVE-2022-41220
Create: 2023-02-01 07:05:31 +0000 UTC Push: 2023-02-01 07:05:32 +0000 UTC
Halcy0nic/CVE-2022-34913
Proof of concept for CVE-2022-34913
Create: 2023-02-01 06:37:29 +0000 UTC Push: 2023-02-01 06:37:29 +0000 UTC
Live-Hack-CVE/CVE-2019-14322
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. CVE project by @Sn0wAlice
Create: 2023-02-01 06:08:08 +0000 UTC Push: 2023-02-01 06:08:11 +0000 UTC
Live-Hack-CVE/CVE-2016-15023
A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:57 +0000 UTC Push: 2023-02-01 06:08:00 +0000 UTC
Live-Hack-CVE/CVE-2019-19509
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:53 +0000 UTC Push: 2023-02-01 06:07:56 +0000 UTC
Halcy0nic/CVE-2022-34556
Proof of concept for CVE-2022-34556
Create: 2023-02-01 06:07:50 +0000 UTC Push: 2023-02-01 06:07:51 +0000 UTC
Live-Hack-CVE/CVE-2019-19585
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:50 +0000 UTC Push: 2023-02-01 06:07:52 +0000 UTC
Live-Hack-CVE/CVE-2019-14834
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:46 +0000 UTC Push: 2023-02-01 06:07:49 +0000 UTC
Live-Hack-CVE/CVE-2019-20387
repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:43 +0000 UTC Push: 2023-02-01 06:07:45 +0000 UTC
Live-Hack-CVE/CVE-2018-3914
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily l CVE project by @Sn0wAlice
Create: 2023-02-01 06:07:39 +0000 UTC Push: 2023-02-01 06:07:41 +0000 UTC