Live-Hack-CVE/CVE-2022-38205 In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). CVE project by @Sn0wAlice Create: 2023-01-06 07:34:35 +0000 UTC Push: 2023-01-06 07:34:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-38204 There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:31 +0000 UTC Push: 2023-01-06 07:34:33 +0000 UTC |

Live-Hack-CVE/CVE-2021-40341 DES cipher, which has inadequate encryption strength, is used Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOX CVE project by @Sn0wAlice Create: 2023-01-06 07:34:26 +0000 UTC Push: 2023-01-06 07:34:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-3929 Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXM CVE project by @Sn0wAlice Create: 2023-01-06 07:34:21 +0000 UTC Push: 2023-01-06 07:34:25 +0000 UTC |

Live-Hack-CVE/CVE-2022-3928 Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOX CVE project by @Sn0wAlice Create: 2023-01-06 07:34:16 +0000 UTC Push: 2023-01-06 07:34:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-3927 The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-U CVE project by @Sn0wAlice Create: 2023-01-06 07:34:11 +0000 UTC Push: 2023-01-06 07:34:14 +0000 UTC |

Live-Hack-CVE/CVE-2021-41010 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:07 +0000 UTC Push: 2023-01-06 07:34:10 +0000 UTC |

Live-Hack-CVE/CVE-2021-41009 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:34:02 +0000 UTC Push: 2023-01-06 07:34:05 +0000 UTC |

Live-Hack-CVE/CVE-2021-41008 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:57 +0000 UTC Push: 2023-01-06 07:34:01 +0000 UTC |

Live-Hack-CVE/CVE-2021-41007 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:53 +0000 UTC Push: 2023-01-06 07:33:56 +0000 UTC |

Live-Hack-CVE/CVE-2021-41006 CVE was unused by HPE. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:48 +0000 UTC Push: 2023-01-06 07:33:52 +0000 UTC |

Live-Hack-CVE/CVE-2021-40342 In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN CVE project by @Sn0wAlice Create: 2023-01-06 07:33:44 +0000 UTC Push: 2023-01-06 07:33:47 +0000 UTC |

Live-Hack-CVE/CVE-2014-125045 A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The name of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a pat CVE project by @Sn0wAlice Create: 2023-01-06 07:33:40 +0000 UTC Push: 2023-01-06 07:33:43 +0000 UTC |

Live-Hack-CVE/CVE-2022-4802 Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:36 +0000 UTC Push: 2023-01-06 07:33:39 +0000 UTC |

Live-Hack-CVE/CVE-2022-34680 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:31 +0000 UTC Push: 2023-01-06 07:33:34 +0000 UTC |

Live-Hack-CVE/CVE-2022-42259 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:24 +0000 UTC Push: 2023-01-06 07:33:27 +0000 UTC |

Live-Hack-CVE/CVE-2022-42258 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:20 +0000 UTC Push: 2023-01-06 07:33:23 +0000 UTC |

Live-Hack-CVE/CVE-2022-42257 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. CVE project by @Sn0wAlice Create: 2023-01-06 07:33:15 +0000 UTC Push: 2023-01-06 07:33:18 +0000 UTC |

Live-Hack-CVE/CVE-2023-0086 The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save() function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forged request granted the CVE project by @Sn0wAlice Create: 2023-01-06 05:23:07 +0000 UTC Push: 2023-01-06 05:23:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-22454 Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has the "require mode CVE project by @Sn0wAlice Create: 2023-01-06 05:23:03 +0000 UTC Push: 2023-01-06 05:23:05 +0000 UTC |