miko550/CVE-2022-46169 Create: 2023-02-03 02:21:08 +0000 UTC Push: 2023-02-03 02:21:09 +0000 UTC |

Live-Hack-CVE/CVE-2011-2920 CVE-2011-2920 Satellite: XSS flaw(s) in filter handling CVE project by @Sn0wAlice Create: 2023-02-03 00:11:02 +0000 UTC Push: 2023-02-03 00:11:05 +0000 UTC |

Live-Hack-CVE/CVE-2012-2386 CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension CVE project by @Sn0wAlice Create: 2023-02-03 00:10:59 +0000 UTC Push: 2023-02-03 00:11:01 +0000 UTC |

Live-Hack-CVE/CVE-2011-2487 A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:55 +0000 UTC Push: 2023-02-03 00:10:57 +0000 UTC |

Live-Hack-CVE/CVE-2011-2927 CVE-2011-2927 Satellite/Spacewalk: XSS flaw in channels search CVE project by @Sn0wAlice Create: 2023-02-03 00:10:51 +0000 UTC Push: 2023-02-03 00:10:54 +0000 UTC |

Live-Hack-CVE/CVE-2018-1111 A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using CVE project by @Sn0wAlice Create: 2023-02-03 00:10:47 +0000 UTC Push: 2023-02-03 00:10:50 +0000 UTC |

Live-Hack-CVE/CVE-2011-4127 CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl CVE project by @Sn0wAlice Create: 2023-02-03 00:10:43 +0000 UTC Push: 2023-02-03 00:10:46 +0000 UTC |

Live-Hack-CVE/CVE-2011-3344 CVE-2011-3344 Satellite/Spacewalk: XSS on the Lost Password page CVE project by @Sn0wAlice Create: 2023-02-03 00:10:39 +0000 UTC Push: 2023-02-03 00:10:41 +0000 UTC |

Live-Hack-CVE/CVE-2015-3248 It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:35 +0000 UTC Push: 2023-02-03 00:10:38 +0000 UTC |

Live-Hack-CVE/CVE-2016-3693 A flaw was found in the provisioning template handling in foreman. An attacker, with permissions to create templates, can cause internal Rails information to be displayed when it is processed, resulting in potentially sensitive information being disclosed. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:31 +0000 UTC Push: 2023-02-03 00:10:34 +0000 UTC |

Live-Hack-CVE/CVE-2012-3386 It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck". CVE project by @Sn0wAlice Create: 2023-02-03 00:10:27 +0000 UTC Push: 2023-02-03 00:10:30 +0000 UTC |

Live-Hack-CVE/CVE-2017-15097 Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:24 +0000 UTC Push: 2023-02-03 00:10:26 +0000 UTC |

Live-Hack-CVE/CVE-2015-3247 A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of th CVE project by @Sn0wAlice Create: 2023-02-03 00:10:20 +0000 UTC Push: 2023-02-03 00:10:22 +0000 UTC |

Live-Hack-CVE/CVE-2011-3609 CVE-2011-3609 JBoss AS: CSRF in the administration console & HTTP management API CVE project by @Sn0wAlice Create: 2023-02-03 00:10:16 +0000 UTC Push: 2023-02-03 00:10:19 +0000 UTC |

Live-Hack-CVE/CVE-2016-3107 It was found that the private key for the node certificate was contained in a world-readable file. A local user could possibly use this flaw to gain access to the private key information in the file. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:12 +0000 UTC Push: 2023-02-03 00:10:15 +0000 UTC |

Live-Hack-CVE/CVE-2016-9922 CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy CVE project by @Sn0wAlice Create: 2023-02-03 00:10:08 +0000 UTC Push: 2023-02-03 00:10:10 +0000 UTC |

Live-Hack-CVE/CVE-2017-7488 A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack. CVE project by @Sn0wAlice Create: 2023-02-03 00:10:03 +0000 UTC Push: 2023-02-03 00:10:06 +0000 UTC |

Live-Hack-CVE/CVE-2022-48279 In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. CVE project by @Sn0wAlice Create: 2023-02-03 00:09:57 +0000 UTC Push: 2023-02-03 00:10:00 +0000 UTC |

Live-Hack-CVE/CVE-2023-22458 Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well CVE project by @Sn0wAlice Create: 2023-02-03 00:09:52 +0000 UTC Push: 2023-02-03 00:09:55 +0000 UTC |

Live-Hack-CVE/CVE-2022-3918 A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server, the server may int CVE project by @Sn0wAlice Create: 2023-02-03 00:09:48 +0000 UTC Push: 2023-02-03 00:09:51 +0000 UTC |