Live-Hack-CVE/CVE-2023-21450 Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:34 +0000 UTC Push: 2023-02-18 01:47:37 +0000 UTC |

Live-Hack-CVE/CVE-2023-23007 An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:29 +0000 UTC Push: 2023-02-18 01:47:31 +0000 UTC |

Live-Hack-CVE/CVE-2022-47986 IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 CVE project by @Sn0wAlice Create: 2023-02-18 01:47:25 +0000 UTC Push: 2023-02-18 01:47:27 +0000 UTC |

Live-Hack-CVE/CVE-2023-23592 WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:21 +0000 UTC Push: 2023-02-18 01:47:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:17 +0000 UTC Push: 2023-02-18 01:47:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-45699 Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. CVE project by @Sn0wAlice Create: 2023-02-18 01:47:13 +0000 UTC Push: 2023-02-18 01:47:15 +0000 UTC |

Live-Hack-CVE/CVE-2022-48301 The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. CVE project by @Sn0wAlice Create: 2023-02-17 23:37:11 +0000 UTC Push: 2023-02-17 23:37:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-48296 The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. CVE project by @Sn0wAlice Create: 2023-02-17 23:37:08 +0000 UTC Push: 2023-02-17 23:37:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-0575 External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with CVE project by @Sn0wAlice Create: 2023-02-17 23:37:04 +0000 UTC Push: 2023-02-17 23:37:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-48295 The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). CVE project by @Sn0wAlice Create: 2023-02-17 23:37:00 +0000 UTC Push: 2023-02-17 23:37:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-48294 The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:54 +0000 UTC Push: 2023-02-17 23:36:56 +0000 UTC |

Live-Hack-CVE/CVE-2022-40032 SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:50 +0000 UTC Push: 2023-02-17 23:36:53 +0000 UTC |

Live-Hack-CVE/CVE-2022-32972 Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:46 +0000 UTC Push: 2023-02-17 23:36:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-23586 Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a ti CVE project by @Sn0wAlice Create: 2023-02-17 23:36:42 +0000 UTC Push: 2023-02-17 23:36:45 +0000 UTC |

Live-Hack-CVE/CVE-2022-40347 SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:38 +0000 UTC Push: 2023-02-17 23:36:41 +0000 UTC |

Live-Hack-CVE/CVE-2023-21419 An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:34 +0000 UTC Push: 2023-02-17 23:36:37 +0000 UTC |

Live-Hack-CVE/CVE-2023-21434 Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. CVE project by @Sn0wAlice Create: 2023-02-17 23:36:30 +0000 UTC Push: 2023-02-17 23:36:33 +0000 UTC |

Live-Hack-CVE/CVE-2022-37340 Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-17 21:23:22 +0000 UTC Push: 2023-02-17 21:23:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-36416 Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-17 21:23:18 +0000 UTC Push: 2023-02-17 21:23:20 +0000 UTC |

Live-Hack-CVE/CVE-2022-36382 Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access. CVE project by @Sn0wAlice Create: 2023-02-17 21:23:14 +0000 UTC Push: 2023-02-17 21:23:16 +0000 UTC |