unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2023-22912
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:21 +0000 UTC Push: 2023-01-21 04:04:24 +0000 UTC
Live-Hack-CVE/CVE-2023-22910
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:17 +0000 UTC Push: 2023-01-21 04:04:20 +0000 UTC
Live-Hack-CVE/CVE-2022-38112
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:13 +0000 UTC Push: 2023-01-21 04:04:16 +0000 UTC
Live-Hack-CVE/CVE-2022-38110
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:09 +0000 UTC Push: 2023-01-21 04:04:11 +0000 UTC
Live-Hack-CVE/CVE-2020-12872
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0. CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:05 +0000 UTC Push: 2023-01-21 04:04:07 +0000 UTC
Live-Hack-CVE/CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be ab CVE project by @Sn0wAlice
Create: 2023-01-21 04:04:00 +0000 UTC Push: 2023-01-21 04:04:02 +0000 UTC
Live-Hack-CVE/CVE-2020-12109
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:56 +0000 UTC Push: 2023-01-21 04:03:58 +0000 UTC
Live-Hack-CVE/CVE-2020-12059
An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:51 +0000 UTC Push: 2023-01-21 04:03:54 +0000 UTC
Live-Hack-CVE/CVE-2021-46795
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service. CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:46 +0000 UTC Push: 2023-01-21 04:03:49 +0000 UTC
Live-Hack-CVE/CVE-2019-20811
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:42 +0000 UTC Push: 2023-01-21 04:03:45 +0000 UTC
Live-Hack-CVE/CVE-2020-1771
Attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:38 +0000 UTC Push: 2023-01-21 04:03:41 +0000 UTC
Live-Hack-CVE/CVE-2019-18198
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753. CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:33 +0000 UTC Push: 2023-01-21 04:03:36 +0000 UTC
Live-Hack-CVE/CVE-2021-46791
Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service. CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:29 +0000 UTC Push: 2023-01-21 04:03:32 +0000 UTC
Live-Hack-CVE/CVE-2017-16327
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:25 +0000 UTC Push: 2023-01-21 04:03:28 +0000 UTC
Live-Hack-CVE/CVE-2017-16326
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-21 04:03:21 +0000 UTC Push: 2023-01-21 04:03:24 +0000 UTC
Live-Hack-CVE/CVE-2019-10067
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:45 +0000 UTC Push: 2023-01-21 01:55:48 +0000 UTC
Live-Hack-CVE/CVE-2019-14464
XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:42 +0000 UTC Push: 2023-01-21 01:55:44 +0000 UTC
Live-Hack-CVE/CVE-2017-16331
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:37 +0000 UTC Push: 2023-01-21 01:55:40 +0000 UTC
Live-Hack-CVE/CVE-2017-16330
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:33 +0000 UTC Push: 2023-01-21 01:55:36 +0000 UTC
Live-Hack-CVE/CVE-2017-16329
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authentica CVE project by @Sn0wAlice
Create: 2023-01-21 01:55:30 +0000 UTC Push: 2023-01-21 01:55:32 +0000 UTC