unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2020-14395
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE project by @Sn0wAlice
Create: 2023-02-01 19:23:07 +0000 UTC Push: 2023-02-01 19:23:09 +0000 UTC
Live-Hack-CVE/CVE-2021-3439
HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities. CVE project by @Sn0wAlice
Create: 2023-02-01 19:23:03 +0000 UTC Push: 2023-02-01 19:23:06 +0000 UTC
Live-Hack-CVE/CVE-2023-24977
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it. CVE project by @Sn0wAlice
Create: 2023-02-01 19:22:58 +0000 UTC Push: 2023-02-01 19:23:01 +0000 UTC
Live-Hack-CVE/CVE-2023-0587
A file upload vulnerability exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\Sa CVE project by @Sn0wAlice
Create: 2023-02-01 15:03:10 +0000 UTC Push: 2023-02-01 15:03:12 +0000 UTC
Live-Hack-CVE/CVE-2022-4206
A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report CVE project by @Sn0wAlice
Create: 2023-02-01 15:03:06 +0000 UTC Push: 2023-02-01 15:03:09 +0000 UTC
Live-Hack-CVE/CVE-2023-0454
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. CVE project by @Sn0wAlice
Create: 2023-02-01 15:03:03 +0000 UTC Push: 2023-02-01 15:03:05 +0000 UTC
Live-Hack-CVE/CVE-2023-23846
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GTPv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately un CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:59 +0000 UTC Push: 2023-02-01 15:03:02 +0000 UTC
Live-Hack-CVE/CVE-2023-20856
VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:56 +0000 UTC Push: 2023-02-01 15:02:58 +0000 UTC
Live-Hack-CVE/CVE-2023-0524
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several d CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:52 +0000 UTC Push: 2023-02-01 15:02:55 +0000 UTC
Live-Hack-CVE/CVE-2022-42973
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when a local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monito CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:49 +0000 UTC Push: 2023-02-01 15:02:50 +0000 UTC
Live-Hack-CVE/CVE-2021-22786
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* a CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:45 +0000 UTC Push: 2023-02-01 15:02:47 +0000 UTC
Live-Hack-CVE/CVE-2023-0607
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:41 +0000 UTC Push: 2023-02-01 15:02:43 +0000 UTC
Live-Hack-CVE/CVE-2022-4062
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:37 +0000 UTC Push: 2023-02-01 15:02:40 +0000 UTC
Live-Hack-CVE/CVE-2022-42970
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:33 +0000 UTC Push: 2023-02-01 15:02:36 +0000 UTC
Live-Hack-CVE/CVE-2022-2329
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.2 CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:30 +0000 UTC Push: 2023-02-01 15:02:32 +0000 UTC
Live-Hack-CVE/CVE-2022-42971
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UP CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:25 +0000 UTC Push: 2023-02-01 15:02:28 +0000 UTC
Live-Hack-CVE/CVE-2022-42972
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5 CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:22 +0000 UTC Push: 2023-02-01 15:02:24 +0000 UTC
Live-Hack-CVE/CVE-2022-24324
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073) CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:18 +0000 UTC Push: 2023-02-01 15:02:20 +0000 UTC
Live-Hack-CVE/CVE-2022-45101
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:14 +0000 UTC Push: 2023-02-01 15:02:17 +0000 UTC
Live-Hack-CVE/CVE-2022-45097
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. CVE project by @Sn0wAlice
Create: 2023-02-01 15:02:11 +0000 UTC Push: 2023-02-01 15:02:13 +0000 UTC