Live-Hack-CVE/CVE-2020-8559 The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. CVE project by @Sn0wAlice Create: 2023-01-28 05:40:28 +0000 UTC Push: 2023-01-28 05:40:30 +0000 UTC |

Live-Hack-CVE/CVE-2020-8557 The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If CVE project by @Sn0wAlice Create: 2023-01-28 05:40:24 +0000 UTC Push: 2023-01-28 05:40:26 +0000 UTC |

Live-Hack-CVE/CVE-2020-16207 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. CVE project by @Sn0wAlice Create: 2023-01-28 05:40:20 +0000 UTC Push: 2023-01-28 05:40:22 +0000 UTC |

Live-Hack-CVE/CVE-2020-17446 asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, because of access to an uninitialized pointer in the array data decoder. CVE project by @Sn0wAlice Create: 2023-01-28 05:40:16 +0000 UTC Push: 2023-01-28 05:40:18 +0000 UTC |

Live-Hack-CVE/CVE-2020-15689 Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service. CVE project by @Sn0wAlice Create: 2023-01-28 05:40:12 +0000 UTC Push: 2023-01-28 05:40:15 +0000 UTC |

Live-Hack-CVE/CVE-2020-7019 In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional p CVE project by @Sn0wAlice Create: 2023-01-28 05:40:09 +0000 UTC Push: 2023-01-28 05:40:11 +0000 UTC |

Live-Hack-CVE/CVE-2020-14968 An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creati CVE project by @Sn0wAlice Create: 2023-01-28 05:40:05 +0000 UTC Push: 2023-01-28 05:40:07 +0000 UTC |

Live-Hack-CVE/CVE-2017-2788 A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requ CVE project by @Sn0wAlice Create: 2023-01-28 05:40:01 +0000 UTC Push: 2023-01-28 05:40:03 +0000 UTC |

Live-Hack-CVE/CVE-2017-2820 An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerabil CVE project by @Sn0wAlice Create: 2023-01-28 05:39:58 +0000 UTC Push: 2023-01-28 05:40:00 +0000 UTC |

Live-Hack-CVE/CVE-2017-14448 An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. CVE project by @Sn0wAlice Create: 2023-01-28 05:39:54 +0000 UTC Push: 2023-01-28 05:39:56 +0000 UTC |

waspthebughunter/CVE-2022-47873 Proof Of Concept for CVE-2022-47873 KEOS Software Create: 2023-01-28 05:03:37 +0000 UTC Push: 2023-01-28 05:22:01 +0000 UTC |

Live-Hack-CVE/CVE-2020-1751 An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnera CVE project by @Sn0wAlice Create: 2023-01-28 03:29:30 +0000 UTC Push: 2023-01-28 03:29:32 +0000 UTC |

Live-Hack-CVE/CVE-2018-6692 Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:26 +0000 UTC Push: 2023-01-28 03:29:28 +0000 UTC |

Live-Hack-CVE/CVE-2018-6677 Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:22 +0000 UTC Push: 2023-01-28 03:29:25 +0000 UTC |

Live-Hack-CVE/CVE-2018-6590 CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:19 +0000 UTC Push: 2023-01-28 03:29:21 +0000 UTC |

Live-Hack-CVE/CVE-2018-6686 Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:15 +0000 UTC Push: 2023-01-28 03:29:17 +0000 UTC |

Live-Hack-CVE/CVE-2020-11958 re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:12 +0000 UTC Push: 2023-01-28 03:29:14 +0000 UTC |

Live-Hack-CVE/CVE-2020-1983 A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:08 +0000 UTC Push: 2023-01-28 03:29:10 +0000 UTC |

Live-Hack-CVE/CVE-2020-12267 setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:04 +0000 UTC Push: 2023-01-28 03:29:07 +0000 UTC |

Live-Hack-CVE/CVE-2020-12767 exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. CVE project by @Sn0wAlice Create: 2023-01-28 03:29:00 +0000 UTC Push: 2023-01-28 03:29:03 +0000 UTC |