unSafe.sh - Unsafe
Github CVE
Live-Hack-CVE/CVE-2019-10163
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected b CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:15 +0000 UTC Push: 2023-02-03 23:30:18 +0000 UTC
Live-Hack-CVE/CVE-2019-7003
A SQL injection vulnerability in the reporting component of Avaya Control Manager could allow an unauthenticated attacker to execute arbitrary SQL commands and retrieve sensitive data related to other users on the system. Affected versions of Avaya Control Manager include 7.x and 8.0.x versions prior to 8.0.4.0. Unsupp CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:11 +0000 UTC Push: 2023-02-03 23:30:13 +0000 UTC
Live-Hack-CVE/CVE-2021-21781
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:07 +0000 UTC Push: 2023-02-03 23:30:10 +0000 UTC
Live-Hack-CVE/CVE-2019-4210
IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986. CVE project by @Sn0wAlice
Create: 2023-02-03 23:30:03 +0000 UTC Push: 2023-02-03 23:30:05 +0000 UTC
Live-Hack-CVE/CVE-2019-7307
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:59 +0000 UTC Push: 2023-02-03 23:30:02 +0000 UTC
Live-Hack-CVE/CVE-2020-15803
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:55 +0000 UTC Push: 2023-02-03 23:29:58 +0000 UTC
Live-Hack-CVE/CVE-2023-24425
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:52 +0000 UTC Push: 2023-02-03 23:29:54 +0000 UTC
Live-Hack-CVE/CVE-2023-24426
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:48 +0000 UTC Push: 2023-02-03 23:29:50 +0000 UTC
Live-Hack-CVE/CVE-2019-4207
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:42 +0000 UTC Push: 2023-02-03 23:29:44 +0000 UTC
Live-Hack-CVE/CVE-2019-4238
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159464. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:38 +0000 UTC Push: 2023-02-03 23:29:41 +0000 UTC
Live-Hack-CVE/CVE-2019-4220
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:34 +0000 UTC Push: 2023-02-03 23:29:37 +0000 UTC
Live-Hack-CVE/CVE-2019-4208
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:31 +0000 UTC Push: 2023-02-03 23:29:33 +0000 UTC
Live-Hack-CVE/CVE-2020-4788
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. CVE project by @Sn0wAlice
Create: 2023-02-03 23:29:23 +0000 UTC Push: 2023-02-03 23:29:26 +0000 UTC
Live-Hack-CVE/CVE-2023-0549
A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initia CVE project by @Sn0wAlice
Create: 2023-02-03 21:16:28 +0000 UTC Push: 2023-02-03 21:16:30 +0000 UTC
Live-Hack-CVE/CVE-2023-25139
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buf CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:56 +0000 UTC Push: 2023-02-03 20:07:57 +0000 UTC
Live-Hack-CVE/CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:52 +0000 UTC Push: 2023-02-03 20:07:54 +0000 UTC
Live-Hack-CVE/CVE-2022-48074
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:48 +0000 UTC Push: 2023-02-03 20:07:51 +0000 UTC
Live-Hack-CVE/CVE-2023-23130
** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during tr CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:44 +0000 UTC Push: 2023-02-03 20:07:47 +0000 UTC
Live-Hack-CVE/CVE-2023-23126
** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack. CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:40 +0000 UTC Push: 2023-02-03 20:07:43 +0000 UTC
Live-Hack-CVE/CVE-2022-2327
io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the CVE project by @Sn0wAlice
Create: 2023-02-03 20:07:36 +0000 UTC Push: 2023-02-03 20:07:38 +0000 UTC