Live-Hack-CVE/CVE-2007-6601 The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. CVE project by @Sn0wAlice Create: 2023-01-19 07:58:33 +0000 UTC Push: 2023-01-19 07:58:36 +0000 UTC |

Live-Hack-CVE/CVE-2018-6557 The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. CVE project by @Sn0wAlice Create: 2023-01-19 07:58:26 +0000 UTC Push: 2023-01-19 07:58:28 +0000 UTC |

Live-Hack-CVE/CVE-2021-26409 Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity. CVE project by @Sn0wAlice Create: 2023-01-19 07:58:21 +0000 UTC Push: 2023-01-19 07:58:24 +0000 UTC |

Live-Hack-CVE/CVE-2023-21774 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773. CVE project by @Sn0wAlice Create: 2023-01-19 07:58:15 +0000 UTC Push: 2023-01-19 07:58:18 +0000 UTC |

Live-Hack-CVE/CVE-2023-22945 In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. CVE project by @Sn0wAlice Create: 2023-01-19 07:58:11 +0000 UTC Push: 2023-01-19 07:58:14 +0000 UTC |

Live-Hack-CVE/CVE-2022-43389 A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. CVE project by @Sn0wAlice Create: 2023-01-19 07:58:07 +0000 UTC Push: 2023-01-19 07:58:10 +0000 UTC |

Live-Hack-CVE/CVE-2021-26407 A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure. CVE project by @Sn0wAlice Create: 2023-01-19 07:58:03 +0000 UTC Push: 2023-01-19 07:58:05 +0000 UTC |

Live-Hack-CVE/CVE-2021-26404 Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. CVE project by @Sn0wAlice Create: 2023-01-19 07:57:59 +0000 UTC Push: 2023-01-19 07:58:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-21739 Windows Bluetooth Driver Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice Create: 2023-01-19 07:57:56 +0000 UTC Push: 2023-01-19 07:57:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-0290 Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" to schedule the collection for the server (as a server artifact), but only requir CVE project by @Sn0wAlice Create: 2023-01-19 07:57:48 +0000 UTC Push: 2023-01-19 07:57:50 +0000 UTC |

Live-Hack-CVE/CVE-2023-0164 OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function. CVE project by @Sn0wAlice Create: 2023-01-19 07:57:44 +0000 UTC Push: 2023-01-19 07:57:46 +0000 UTC |

Live-Hack-CVE/CVE-2022-4235 RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives. CVE project by @Sn0wAlice Create: 2023-01-19 07:57:39 +0000 UTC Push: 2023-01-19 07:57:42 +0000 UTC |

Live-Hack-CVE/CVE-2022-45927 An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code. CVE project by @Sn0wAlice Create: 2023-01-19 07:57:36 +0000 UTC Push: 2023-01-19 07:57:38 +0000 UTC |

Live-Hack-CVE/CVE-2022-45923 An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker. CVE project by @Sn0wAlice Create: 2023-01-19 07:57:32 +0000 UTC Push: 2023-01-19 07:57:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-21606 Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim CVE project by @Sn0wAlice Create: 2023-01-19 05:45:07 +0000 UTC Push: 2023-01-19 05:45:09 +0000 UTC |

Live-Hack-CVE/CVE-2023-21605 Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a CVE project by @Sn0wAlice Create: 2023-01-19 05:45:02 +0000 UTC Push: 2023-01-19 05:45:05 +0000 UTC |

Live-Hack-CVE/CVE-2023-0040 Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted data into HTTP header fi CVE project by @Sn0wAlice Create: 2023-01-19 05:44:58 +0000 UTC Push: 2023-01-19 05:45:01 +0000 UTC |

Live-Hack-CVE/CVE-2023-21747 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:53 +0000 UTC Push: 2023-01-19 05:44:55 +0000 UTC |

Live-Hack-CVE/CVE-2023-21746 Windows NTLM Elevation of Privilege Vulnerability. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:49 +0000 UTC Push: 2023-01-19 05:44:51 +0000 UTC |

Live-Hack-CVE/CVE-2023-21749 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. CVE project by @Sn0wAlice Create: 2023-01-19 05:44:44 +0000 UTC Push: 2023-01-19 05:44:47 +0000 UTC |