Live-Hack-CVE/CVE-2023-22347 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary CVE project by @Sn0wAlice Create: 2023-02-13 21:42:07 +0000 UTC Push: 2023-02-13 21:42:10 +0000 UTC |

Live-Hack-CVE/CVE-2023-22346 Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code CVE project by @Sn0wAlice Create: 2023-02-13 21:42:04 +0000 UTC Push: 2023-02-13 21:42:06 +0000 UTC |

Live-Hack-CVE/CVE-2023-22345 Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary CVE project by @Sn0wAlice Create: 2023-02-13 21:42:00 +0000 UTC Push: 2023-02-13 21:42:02 +0000 UTC |

Live-Hack-CVE/CVE-2022-43460 Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. CVE project by @Sn0wAlice Create: 2023-02-13 21:41:56 +0000 UTC Push: 2023-02-13 21:41:58 +0000 UTC |

Live-Hack-CVE/CVE-2023-0808 A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to lau CVE project by @Sn0wAlice Create: 2023-02-13 21:41:46 +0000 UTC Push: 2023-02-13 21:41:49 +0000 UTC |

Live-Hack-CVE/CVE-2023-25727 In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:33 +0000 UTC Push: 2023-02-13 20:31:35 +0000 UTC |

Live-Hack-CVE/CVE-2023-24572 Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:29 +0000 UTC Push: 2023-02-13 20:31:31 +0000 UTC |

Live-Hack-CVE/CVE-2023-23697 Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:26 +0000 UTC Push: 2023-02-13 20:31:28 +0000 UTC |

Live-Hack-CVE/CVE-2022-45455 Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:22 +0000 UTC Push: 2023-02-13 20:31:24 +0000 UTC |

Live-Hack-CVE/CVE-2022-45454 Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:18 +0000 UTC Push: 2023-02-13 20:31:21 +0000 UTC |

Live-Hack-CVE/CVE-2022-34397 Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized. CVE project by @Sn0wAlice Create: 2023-02-13 20:31:15 +0000 UTC Push: 2023-02-13 20:31:17 +0000 UTC |

cvedb/CVE-2020-2551 Create: 2023-02-13 17:41:22 +0000 UTC Push: 2023-02-13 17:42:01 +0000 UTC |

w3security/CVE-2020-2551 Create: 2023-02-13 17:41:22 +0000 UTC Push: 2023-02-13 17:42:01 +0000 UTC |

rvizx/CVE-2022-28368 Dompdf - RCE via Injeting a CSS file Create: 2023-02-13 16:10:00 +0000 UTC Push: 2023-02-14 16:33:51 +0000 UTC |

Live-Hack-CVE/CVE-2018-14634 An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:41 +0000 UTC Push: 2023-02-13 14:49:43 +0000 UTC |

Live-Hack-CVE/CVE-2018-1047 A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:37 +0000 UTC Push: 2023-02-13 14:49:39 +0000 UTC |

Live-Hack-CVE/CVE-2018-16865 An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute cod CVE project by @Sn0wAlice Create: 2023-02-13 14:49:34 +0000 UTC Push: 2023-02-13 14:49:36 +0000 UTC |

Live-Hack-CVE/CVE-2018-16884 A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due CVE project by @Sn0wAlice Create: 2023-02-13 14:49:30 +0000 UTC Push: 2023-02-13 14:49:32 +0000 UTC |

Live-Hack-CVE/CVE-2018-16889 Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. CVE project by @Sn0wAlice Create: 2023-02-13 14:49:27 +0000 UTC Push: 2023-02-13 14:49:29 +0000 UTC |

Live-Hack-CVE/CVE-2018-16885 A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue onl CVE project by @Sn0wAlice Create: 2023-02-13 14:49:24 +0000 UTC Push: 2023-02-13 14:49:26 +0000 UTC |