Live-Hack-CVE/CVE-2022-40196 Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-15 03:39:24 +0000 UTC Push: 2023-02-15 03:39:26 +0000 UTC |

Live-Hack-CVE/CVE-2022-38136 Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-15 03:39:20 +0000 UTC Push: 2023-02-15 03:39:22 +0000 UTC |

Live-Hack-CVE/CVE-2022-41342 Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.7.1. for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. CVE project by @Sn0wAlice Create: 2023-02-15 03:39:17 +0000 UTC Push: 2023-02-15 03:39:19 +0000 UTC |

Live-Hack-CVE/CVE-2022-4902 A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible to launch the attack re CVE project by @Sn0wAlice Create: 2023-02-15 03:39:13 +0000 UTC Push: 2023-02-15 03:39:15 +0000 UTC |

Live-Hack-CVE/CVE-2023-23944 Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth CVE project by @Sn0wAlice Create: 2023-02-15 03:39:09 +0000 UTC Push: 2023-02-15 03:39:12 +0000 UTC |

Live-Hack-CVE/CVE-2017-7308 The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted CVE project by @Sn0wAlice Create: 2023-02-15 03:39:06 +0000 UTC Push: 2023-02-15 03:39:08 +0000 UTC |

Live-Hack-CVE/CVE-2023-0687 A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier as CVE project by @Sn0wAlice Create: 2023-02-15 03:39:01 +0000 UTC Push: 2023-02-15 03:39:03 +0000 UTC |

Live-Hack-CVE/CVE-2022-32656 In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035. CVE project by @Sn0wAlice Create: 2023-02-15 03:38:57 +0000 UTC Push: 2023-02-15 03:39:00 +0000 UTC |

Live-Hack-CVE/CVE-2022-42439 IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. CVE project by @Sn0wAlice Create: 2023-02-15 03:38:54 +0000 UTC Push: 2023-02-15 03:38:56 +0000 UTC |

Live-Hack-CVE/CVE-2023-24161 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. CVE project by @Sn0wAlice Create: 2023-02-15 02:33:34 +0000 UTC Push: 2023-02-15 02:33:36 +0000 UTC |

Live-Hack-CVE/CVE-2023-24160 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. CVE project by @Sn0wAlice Create: 2023-02-15 02:33:30 +0000 UTC Push: 2023-02-15 02:33:32 +0000 UTC |

Live-Hack-CVE/CVE-2023-24159 TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the admpass parameter in the setPasswordCfg function. CVE project by @Sn0wAlice Create: 2023-02-15 02:33:26 +0000 UTC Push: 2023-02-15 02:33:29 +0000 UTC |

Live-Hack-CVE/CVE-2022-4286 A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session. CVE project by @Sn0wAlice Create: 2023-02-15 02:33:23 +0000 UTC Push: 2023-02-15 02:33:25 +0000 UTC |

Live-Hack-CVE/CVE-2014-6195 The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 CVE project by @Sn0wAlice Create: 2023-02-15 02:33:17 +0000 UTC Push: 2023-02-15 02:33:19 +0000 UTC |

Live-Hack-CVE/CVE-2020-4870 IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833. CVE project by @Sn0wAlice Create: 2023-02-15 02:33:13 +0000 UTC Push: 2023-02-15 02:33:15 +0000 UTC |

Live-Hack-CVE/CVE-2020-4675 IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186324. CVE project by @Sn0wAlice Create: 2023-02-15 02:33:09 +0000 UTC Push: 2023-02-15 02:33:11 +0000 UTC |

Live-Hack-CVE/CVE-2021-29728 IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. CVE project by @Sn0wAlice Create: 2023-02-15 02:33:05 +0000 UTC Push: 2023-02-15 02:33:07 +0000 UTC |

Live-Hack-CVE/CVE-2021-29723 IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. CVE project by @Sn0wAlice Create: 2023-02-15 02:33:01 +0000 UTC Push: 2023-02-15 02:33:04 +0000 UTC |

Live-Hack-CVE/CVE-2021-29722 IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. CVE project by @Sn0wAlice Create: 2023-02-15 02:32:58 +0000 UTC Push: 2023-02-15 02:33:00 +0000 UTC |

Live-Hack-CVE/CVE-2021-29841 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. CVE project by @Sn0wAlice Create: 2023-02-15 02:32:54 +0000 UTC Push: 2023-02-15 02:32:56 +0000 UTC |